Last updated: November 30, 2023

Atriis Technologies Ltd. and our affiliates (“Atriis”, “we”, “our” or “us”), put great efforts in communicating our personal data practices and in making sure that the personal data we process is safe and used properly.

This privacy policy (the “Policy”) will tell you how we use and protect personal data when you interact with us and use our website or platform. Hence, we process personal data subject to the terms of this Policy.

The Summary of this Policy will give you a quick and clear view of our practices. Please take the time to read our full Policy.

Summary of the Policy

Purpose of the Policy – This Policy applies to personal data of website visitors, customers and their employees, which Atriis processes as the data controller. Read more.

Personal Data Collection – We collect most of the personal data related to you when you register and log in to our Service or when you engage with our website. Read more.

The Purposes of Use of Personal Data – We collect the personal data related to you, for various business purposes as further detailed in ‘The purposes of use of personal data’ section of this privacy policy. Read more.

Personal Data Sharing – We share information with our service providers as necessary to facilitate our business. We will share information when we change our corporate structure, and we will share the information with our affiliated entity. Read more.

Personal Data Retention – We retain different types of personal data for different periods, depending on the purposes for processing the information, our legitimate business purposes as well as pursuant to legal requirements. Read more.

Cross-Border Data Transfers – We may store and process personal data in various locations as reasonably necessary for the proper performance and delivery of our Service, or as may be required by law. Read more.

Aggregated and analytical information – Aggregated data is not identifiable. We use standard analytical tools for legitimate business purposes. Read more.

Communications – We or our business partners will use contact you about the use of our Service. You may opt out of such Communications. Read more.

Personal Data Security – We implement physical, technical and organizational measures to secure personal data from loss, misuse, unauthorized access or disclosure, alteration or destruction. Read more.

Specific provision for EEA residents – If we process personal data related to you when you are in the EEA, further terms apply to our processing in relation to your rights as a data subject under EEA data protection laws. Read more.

Changes to this Privacy Policy – We will update this privacy policy from time to time after giving proper notice. Read more.

Contact Us – In case of questions, please contact us at dpo@atriis.com or at our offices located at 14 Halamish St., 3079896 Casarea, Israel. Read more.

Purpose of the Policy

You are not legally required to provide us with any personal data, and may do so (or avoid doing so) at your own free will and consent. If you do not wish to provide us with personal data related to you, or to have it processed by us, please avoid any interaction with us or any use of our Site or the Service.

This Policy describes how we collect, store, use and disclose the personal data related to the following:

• Website visitors, prospective clients or partners (“Visitors”) who visit or interact with our website (www.atriis.com) (the “Site”), and to whom we send emails or communications (collectively, the “Communications”);
• Customers (“Customers”) and their employees, and other points of contact (the “Users”) from companies or organizations with whom we have a commercial relationship or who have engaged with us in order to use of the Atriis Platform (available at: www.gtp-marketplace.com and www.atriis.app and other tools and features provided by us as part of the services (the “Service”).
• We also process personal data related to travellers, including names, email address, phone number, and other identifiers, that we receive from our Customers, and process as part of our Service (the “Traveller Data”). Please note that under the GDPR (as defined below), we are the data processor of such Traveller Data and we are handling such personal data in accordance with our DPA. Read more.

Throughout this Policy, Visitors and Users will be addressed as “you”.

PERSONAL DATA COLLECTION

Website Visitors

When you contact us, for example to get a demo of our Service or for any other reason, we will receive and process any personal data that you provide to us, such as your first and family name, mobile phone number, email address, company name, company website and job title. In addition, we will collect any personal data that you will provide to us while communicating with us.

Service Users

If you sign up for an account on behalf of a Customer, we will collect the contact information you provided, such as your first and family name, phone number and email address.

To the extent that a Customer, or anyone on its behalf, has provided us with a User’s personal contact details, rather than corporate business contact information (e.g., office@organization.com), then such information will constitute personal data of such User.

If you create a User account, we will need additional personal data to ensure the security of your account. You will be asked to create a password which will not be viewable by us or provide an access token which will not be usable by us.

In addition, we will collect any information that you provide while executing workflows using our Service, answering to our surveys and sharing feedback regarding our Service with us.

Travellers

We are processing Traveller Data as set out in our DPA in accordance with the instructions we receive from our respective Customer, who is the controller of such Traveller Data. 

Data automatically collected or generated: when you visit the Site, interact with or use our Service we may collect or generate certain technical data about you, either independently or with the help of our Service Providers (as defined below), including through the use of “cookies” and other tracking technologies (as further detailed below). Such data mainly consists of technical or aggregated usage data, such as IP address, data regarding a device such as operating system and browser, local and language settings used and User activity on our Service.

THE PURPOSES OF USE OF PERSONAL DATA

Atriis collects and processes personal data that relates to you for the following purposes:

1. To facilitate, operate, and provide our Service and the Site;
2. We use Traveller Data to fulfil our obligations towards our Customers and provide the Service to them;
3. To get in touch about a trial or demo of our product;
4. To authenticate the identity of our Users and allow them to access and use our Service;
5. To provide our Users and Customers with customer support, assistance and technical support service;
6. To train and improve our algorithms, and to further develop, customize and improve the Service, and to improve user experience, based on common or personal preferences, experiences and difficulties;
7. To facilitate and optimize our marketing and advertising campaigns, and management and sales operations, and to manage and deliver advertisements for our products and services more effectively;
8. To contact you with general or personalized Service-related messages, or with promotional messages and to facilitate, sponsor and offer certain events and promotions;
9. To support and enhance our data security measures, including for the purposes of preventing and mitigating the risks of fraud, error or any illegal or prohibited activity; and
10. To comply with applicable laws and regulations.
11. Subject to your consent, if such is required under applicable law, to send you e-mail or other messages and/or newsletters about us or our Service. At any time, you can unsubscribe from our mailing list by clicking on the unsubscribe link on the message.

PERSONAL DATA SHARING

Like many companies, we use a number of service providers to help us provide the Service. We disclose personal data to third party service providers to help us operate, manage and protect the Service. These service providers provide us with services such as hosting and server co-location services, analytics, enrichment, data and cyber security, billing and payment processing services, and marketing automation (collectively, “Service Providers”). We use standard analytics tools, such as, Google Analytics, and we may use additional or other analytics tools, from time to time. The privacy practices of these tools are subject to their own privacy policies. See Google Analytics Privacy Policy at: http://www.google.com/analytics/learn/privacy.html.

We share personal data internally within our group, for the purposes described in this Policy. A merger, acquisition or any other structural change will require us to transfer personal data to another entity, as part of the structural change, provided that the receiving entity will not provide a lesser protection for personal data related to you than the level of protection under this Policy.       

We will disclose personal data with or without notice (a) if required by a subpoena or other judicial or administrative order; (b) where required by law; or (c) at our sole discretion, where we deem it necessary to protect the safety of any individual, the general public, or to preserve our or any third party’s rights.

Traveller Data: Subject to the instructions of our respective Customer, we will disclose Traveller Data to the recipients identified https://atriis.zendesk.com/hc/en-us/articles/10310517824540-Atriis-Data-Recipients.

PERSONAL DATA RETENTION

We retain different types of personal data for different periods, depending on the purposes for processing such personal data, our legitimate business purposes as well as pursuant to legal requirements under applicable laws.

We will keep aggregated non-identifiable information without limitation, and to the extent reasonable we will delete or de-identify potentially identifiable information, when we no longer need to process the information in an identifiable form.

In any case, as long as you use the Service, we will keep information about you, unless applicable law requires us to delete it.

CROSS-BORDER DATA TRANSFERS

We are a global company. We may store and process personal data in various sites throughout the globe, including in the United States, the European Union, Israel, and other locations as reasonably necessary for the proper performance and delivery of our Service, or as may be required by law.

When transferring personal data outside of the EEA, we comply with the applicable legal requirements of providing adequate safeguards, including the use of standard contractual clauses adopted by the European Commission. When we transfer Traveller Data to recipients located outside of the EEA, we do so in accordance with the instructions we receive from the respective Customer who is the controller of such Traveller Data.

If you are resident of the EU (or any other jurisdiction that applies privacy in the same manner as GDPR), the transfer of personal data related to you is based on GDPR Article 49(1)(b), as it is necessary for the performance of a contract or the implementation of pre-contractual measures.

AGGREGATED AND ANALYTICS INFORMATION

We use standard analytics tools. The privacy practices of these tools are subject to their own privacy policies, and they use their own cookies to provide their service.

We use the standard analytics tools like Google Analytics or Facebook Analytics to learn about how you and other users use our Service, how we should improve your user experience and which improvements we should prioritize. We will use additional or other analytics tools, from time to time, in support of our Service-related activities and operations. The privacy practices of these tools are subject to their own privacy policies.

In order to find out how Google uses data when you use their services you can visit: http://www.google.com/policies/privacy/partners/.

We use anonymous, statistical or aggregated information and will share it with our partners for legitimate business purposes. It has no effect on your privacy, because there is no reasonable way to extract data from the aggregated information that we or others can associate specifically to you.

COMMUNICATIONS

We and our authorized partners will use your phone number or your email address to send Communications in order to contact you about the use of our Service, or to promote services which we believe you will be interested in.

If you communicate with us, phone calls may be recorded for staff training or sales quality purposes.

If you do not wish to receive such Communications, you may notify Atriis at any time by sending an e-mail to: dpo@atriis.com, or by following the “unsubscribe”, “stop”, “opt-out” or “change e-mail preferences” instructions contained in the Communications you receive.

PERSONAL DATA SECURITY

We maintain the confidentiality of personal data related to you and we take reasonable steps to ensure that the personal data is accurate, complete, current and reliable for its intended use. We take reasonable measures to protect personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction.

We have put in place appropriate physical, electronic and organizational procedures to safeguard and secure personal data related to you from loss, misuse, unauthorized access or disclosure, alternation or destruction.

These measures provide sound industry standard security. However, although we make efforts to protect your privacy, we cannot guarantee that the Service will be immune from cyber-attacks, malicious activities, malfunctions, honest mistakes or other types of abuse and misuse.

SPECIFIC PROVISION FOR EEA RESIDENTS

Under the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”), we are considered a data controller for data processing activities related to the Site and for processing personal data related to employees, contractors, and other points of contact from Customers. If you are a resident of a territory in the European Economic Area (“EEA”), the United Kingdom or Switzerland, we base our processing of personal data as a data controller on the following lawful grounds:

• All processing of personal data related to you which are not based on the lawful grounds indicated below, are based on your consent. You have the right to withdraw your consent at any time.
• We process personal data related to you as a preliminary necessary step prior to initiate an engagement with the Customer or as necessary for the performance of the respective agreement with such Customer.
• We will rely on our legitimate interests, which we believe are not overridden by your fundamental rights and freedoms, for protecting our Service from abuse, fraud, or security risks, or in developing, improving, or promoting our Service, including when we train our models. This may include the processing of account information, Content, and Technical Information.
• We will process personal data related to you to comply with a legal obligation and to protect yours and others’ vital interests.

At any time, you can contact us at dpo@atriis.com and request to exercise your rights in accordance with the provisions provided by law:

• You are entitled to access the personal data that we keep about you together with information about how and on what basis the personal data is being processed and to rectify when such information is inaccurate. If you find that the personal data related to you is not accurate, complete or updated, then please provide us the necessary information to correct it.
• You can contact us if you want to withdraw your consent to the processing of personal data related to you. Exercising this right will not affect the lawfulness of processing based on consent before its withdrawal.
• You are entitled to request to delete or restrict access to personal data related to you in limited circumstances as described under the GDPR, subject to certain exceptions. If we need to delete personal data related to you following your request, it can take time until we completely delete residual copies of personal data related to you from our active servers and from our backup systems.

If you exercise one (or more) of the above-mentioned rights, in accordance with the provisions under the law, you are entitled to request to be informed that third parties that hold personal data related to you, in accordance with this privacy policy, will act accordingly.

• You are entitled to request the transfer of personal data related to you in accordance with your right to data portability.
• You are entitled to object to the processing of personal data related to you, for example in relation to direct marketing.
• You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affecting you.
• You have the right to obtain a copy of or access to safeguards under which personal data related to you is transferred outside of the EEA.
• You have a right to lodge a complaint with a data protection supervisory authority.

We will look into your query and make good-faith efforts to resolve any existing or potential dispute with you. Note that when you send us a request to exercise your rights, we will need to reasonably authenticate your identity and location. We will ask you to provide us credentials to make sure that you are who you claim to be and will further ask you questions to understand the nature and scope of your request.

Where we process personal data as part of the Service, as a data processor of our users, we are committed to assist our data controllers to fulfil the abovementioned rights under the GDPR.

If you have any concerns about the way we process personal data related to you, you are welcome to contact our privacy team at dpo@atriis.com or write to us: 14 Halamish St., 3079896 Casarea, Israel.

CHANGES TO THIS PRIVACY POLICY 

From time to time, we will need to update this Policy. If the updates have minor if any consequences, they will take effect 7 days after we post a notice on the Site or Service, or after we send you the notice through email. Substantial changes will be effective 30 days after we initially posted Our notice.

Continuing to use the Service after the new policy takes effect means that you agree to the new policy. Note that if we need to adapt the policy to legal requirements, the new policy will become effective immediately or as required.

CONTACT US

If you have any comments or questions regarding our Policy, or if you have any concerns regarding personal data related to you held with us, or if you wish to make a complaint about how personal data related to you is being processed by Atriis, you can contact us at dpo@atriis.com.

If you are an EEA resident and have any concerns about the way we process personal data related to you, you are welcome to contact our representative in the EU at: dpo@atriis.com, or at: Mr. Kai-Gordon Weiland, located at Borngasse 26, 67551 Worms, Germany. We will look into your inquiry and make good-faith efforts to respond promptly.

---