This US Privacy notice (“US Privacy Notice”) applies to Magenta Medical Ltd. website visitors (“consumers” or “you“) who are California, Virginia, Nevada, Connecticut and Colorado residents, in accordance with the following data protection laws to the extent applicable – the California Consumer Privacy Act of 2018 as amended and revised by the California Privacy Rights Act of 2020 (“CPRA” and collectively “CCPA“), the Virginia Consumer Data Protection Act (“VCDPA”), the Nevada Privacy of Information Collected on the Internet from Consumers Act (“NPICICA“), the Connecticut Act Concerning Personal Data Privacy and Online Monitoring (“CTDPA”) or the Colorado Consumer Protection Act (“CPA”) (collectively “Data Protection Law(s)“).
This US Privacy Notice applies to Consumers’ Personal Information, which we collect directly or indirectly while using our website.
This US Privacy Notice is an integral part of our Privacy Policy. Any capitalized terms not defined herein shall have the meaning ascribed to them under the Data Protection Laws or the Privacy Policy. The terminology used in this US Privacy Notice is consistent with the definitions and terminology of the CCPA, and in relevant circumstances, shall be interpreted in accordance with the corresponding terms of the applicable Data Privacy Laws.
Part I: A Comprehensive Description of the Information Practices:
1) Categories of Personal Information We Collect
We collect Personal Information, which is defined under the Data Protection Laws as any information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device, all as detailed in the table below.
The definition of Personal Information under Data Protection Laws further includes Sensitive Personal Information (“SPI”) or Sensitive Data, as detailed in the table below. However, certain types of such data are excluded from the Data Protection Laws, including, without limitation: health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; biometric data covered by the Biometric Information Privacy Act (BIPA); Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA), California Financial Information Privacy Act (FIPA) or the Driver’s Privacy Protection Act of 1994. Therefore, Patient’s data collected during the use of our websites and the System is excluded from the scope of this Notice.
The Company may have collected the following categories of personal information (as defined under the CCPA) from its website visitors within the last twelve (12) months:
A. Identifiers.
| Example | Collected |
|---|---|
| A real name, email, phone, address, online identifier, Internet Protocol address, email address, or other similar identifiers as detailed in the contact forms available on the website. | Yes Basic contact info (if collected through a form on the website), IP address, email address. |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
| Example | Collected |
|---|---|
| A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | Yes A name, telephone number, education, employment, employment history. |
C. Protected classification characteristics under California or federal law.
| Example | Collected |
|---|---|
| Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | Not Collected |
D. Commercial information.
| Example | Collected |
|---|---|
| Records of personal property, products or websites purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Not Collected |
E. Biometric information.
| Example | Collected |
|---|---|
| Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | Not Collected |
F. Internet or other similar network activity
| Example | Collected |
|---|---|
| Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. | Yes Information regarding Visitor’s interaction with a website, application, or advertisement. |
G. Geolocation data.
| Example | Collected |
|---|---|
| Physical location, approximate location derived from IP address or movements. | Yes Approximate location derived from IP address. |
H. Sensory data.
| Example | Collected |
|---|---|
| Audio, electronic, visual, thermal, olfactory, or similar information. | Not Collected |
I. Professional or employmentrelated information.
| Example | Collected |
|---|---|
| Current or past job history or performance evaluations. | Yes In the event you are interested in joining our team or apply for a position posted on our website. |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
| Example | Collected |
|---|---|
| Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | Not Collected |
K. Inferences drawn from other personal information.
| Example | Collected |
|---|---|
| Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | Not Collected |
L. Sensitive personal information.
| Example | Collected |
|---|---|
| Social security, driver’s license, state identification card, passport number, account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account, precise geolocation, racial or ethnic origin, religious or philosophical beliefs, or union membership, the contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication, genetic data, biometric data, information concerning health, sexual life or sexual orientation. | Not Collected |
2) Categories of Sources of Personal Information
Depending on the nature of your interaction with The Company, The Company collects the Personal Information as follows:
From website’s visitors:
- Provided by the visitor voluntarily in order to contact The Company.
- Automatically through The Company third party website providers – for example, in order to collect visitors’ IP address
From Job Applicants:
- Provided voluntarily and directly when the candidate files an application to a position.
- Automatically through The Company third party website providers – for example, in order to collect visitors’ IP address, or following the application from relevant recruitment agencies.
3) Use of Personal Information
We may use, or disclose the Personal Information we collect for one or more of the following business purposes:
- To fulfill or meet the reason you provided the Personal Information. For example, if you contact us with an inquiry and share your name and contact information, we will use that Personal Information to respond to your inquiry, review your CV considered for a job position, etc.;
- For security and fraud detection purposes, monitoring and to maintaining the safety, security, and integrity of our website and Platform;
- To improve our business operation, which includes, but is not limited to, analyzing which types of content should be provided as part of the website; marketing; analyzing your use of the website;
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
- As described to you when collecting your Personal Information or as otherwise set forth in the Privacy Policy .
We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
4) Disclosures of Personal Information for A Business Purpose
We may disclose your Personal Information to a contractor or service provider for a business purpose. When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract. We further restrict the contractor and service provider from selling or sharing your Personal Information. In the preceding twelve (12) months, the Company has disclosed the following categories of Personal Information for a business purpose:
Category of Recipient: Cloud computing and storage vendors.
| Category (corresponding with the table above) | Business Purpose |
|---|---|
| Category A Category B Category F Category G Category I | Storage, hosting. |
Category of Recipient: Government entities/Law enforcement.
| Category (corresponding with the table above) | Business Purpose |
|---|---|
| Category A Category B Category F Category G Category I | Subject to a law requirement, such as tax authorities. |
Category of Recipient: Operating systems.
| Category (corresponding with the table above) | Business Purpose |
|---|---|
| Category A Category B Category F Category G Category I | Operating the Platform and website. |
Category of Recipient: Data analysis providers.
| Category (corresponding with the table above) | Business Purpose |
|---|---|
| Category A Category F Category G | Providing analytic data on the use of our website. We limit the providers’ ability to share such information, as detailed above. |
Category of Recipient: Marketing & promotions providers, CRM providers, social networks, advertising networks
| Category (corresponding with the table above) | Business Purpose |
|---|---|
| Category A Category B Category F Category G | Marketing which is not crosscontextual, ad delivery. |
Category of Recipient: Security service providers.
| Category (corresponding with the table above) | Business Purpose |
|---|---|
| Category A Category F | Debugging, security, fraud prevention. |
Category of Recipient: Customer support providers. Affiliated companies.
| Category (corresponding with the table above) | Business Purpose |
|---|---|
| Category A Category B Category F Category G Category I | Customer and technical support. |
5) Sale or Share of Personal Information
We do not “sell” information as most people would commonly understand that term, we do not, and will not, disclose your Personal Information in direct exchange for money or some other form of payment. We may “share” Personal Information for “interest-based advertising” or “cross-context behavioral advertising”. Data Protection Laws materially define “sharing” as “communicating orally, in writing, or by electronic or other means, a consumer’s Personal Information” to “a third party for cross-context behavioral advertising, whether or not for money or other valuable consideration”. In other words, we may share your Personal Information with a third party to help serve personalized content or ads that may be more relevant to your interests, and to perform other advertising-related services such as enabling our partners to serve such personalized content.
In the preceding twelve (12) months, we have “sold” or “shared” the following categories of Personal Information for a business purpose:
Category of Recipient: Ad-network and advertising partners.
| Category (corresponding with the table above) | Purpose of Sale or Share |
|---|---|
| Category A Category F Category G | Sale/Share for cross-context behavioral advertising. |
6) Children Under the Age of 16
We do not knowingly collect information from children under the age of 16.
7) Data Retention
In general, we retain the Personal Information we collect for as long as it remains necessary for the purposes set forth above, all under the applicable regulation, or until you express your preference to optout, where applicable.
The retention periods are determined according to the following criteria:
- For as long as it remains necessary in order to achieve the purpose for which the Personal Information was initially processed. For example, if you contacted us, we would retain your contact information at least until we address your inquiry.
- To comply with our regulatory obligations. For example, transactional data will be usually retained for seven years as of termination of engagement (or even more under certain circumstances) for compliance with our bookkeeping obligations purposes.
- To resolve any claim or a dispute, including any legal proceeding between us, until such dispute will be resolved, and following, if we find it necessary, in accordance with applicable statutory limitation periods.
Please note that except as required by applicable law, we will not be obligated to retain your data for any period, and we may delete it for any reason and at any time, without providing you with prior notice of our intention to do so.
PART II: YOUR RIGHTS UNDER THE DATA PROTECTION LAWS
(A) THE RIGHTS AND EXECRISING THEM
The Table below details rights which may apply to California, Virginia, Connecticut, and Colorado residents (Nevada related rights are separately detailed below):
| The right to know what Personal Information the business has collected and access rights. |
|---|
| The right to know what Personal Information the business has collected about the consumer, including the categories of personal information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom the business discloses Personal Information, and the specific pieces of Personal Information the business has collected about the consumer. |
| Deletion Rights. |
|---|
| The right to delete Personal Information that the business has collected from the consumer, subject to certain exceptions. |
| Correct Inaccurate Information. |
|---|
| The right to correct inaccurate Personal Information that a business maintains about a consumer. |
| Opt-Out of Sharing for CrossContextual Behavioral Advertising (“CCBA”) or from selling, where applicable. |
|---|
| You have the right to opt-out of the “sharing” of your personal information for “cross-contextual behavioral advertising,” often referred to as “interest-based advertising” or “targeted advertising.” You may opt out through the “do not sell or share my personal information” button available within the Website’s footer. You may opt out through device settings (opt-out from tracking AAID, ADID, please see the following for information applicable to all devices: https://thenai.org/opt-out/mobile-opt-out/). Further, you can opt-out from interest-based advertising, CCBA, by using Self-Regulatory Program for Online Behavioral Advertising such as: Digital Advertising Alliance’s (“DAA”): https://www.aboutads.info/choices and https://www.aboutads.info/appchoices, and the Network Advertising Initiative (“NAI”): https://www.networkadvertising.org/choices. Lastly, under some jurisdictions, you can join Global Privacy Control (“GCP”) or similar user-selected universal opt-out tools for opting out generally through your browser: https://globalprivacycontrol.org/. Our Consent Management Platform (“CMP”) will know to read all of these signals and ensure compliance with your request. |
| Opt-out of profiling activities |
|---|
| You may have the right to opt-out from profiling activities based upon your personal information that may have a legal or other significant impact on your rights, freedoms or status. |
| Non-Discrimination |
|---|
| The right not to receive discriminatory treatment by the business forthe exercise of privacy rights, including an employee’s, applicant’s,or independent contractor’s right not to be retaliated against for theexercise of their rights, denying a consumer goods or services,charging different prices or rates for goods or services, providing youa different level or quality of goods or services, etc. We may,however, charge different prices or rates, or provide a different levelor quality of goods or services, if that difference is reasonablyrelated to the value provided to us by your Personal Information. |
| Data Portability |
|---|
| You may request to receive a copy of your Personal Information,including specific pieces of Personal Information, including, whereapplicable, to obtain a copy of the Personal Information youprovided to us in a portable format. |
To exercise your rights please fill in this form to and sending it to us by mail: info@magentamed.com. We may not always be able to fulfill your request, and not all of these rights are applicable in every state or in every case. Where we are not able to provide you with the information which you have requested, we will endeavor to explain the reasoning for this and inform you of your rights, including the right to complain to the relevant supervisory authority. We reserve the right to ask for reasonable evidence to verify your identity before providing you with any such information per applicable law.
Note: In some cases, unless legally required otherwise, you may not exercise those rights more than twice within 2 years.
Nevada Residents Rights: Nevada law allows Nevada residents to opt out of the sale of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. We currently do not sell personal information as defined in the Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt out of sales and we will record your instructions and incorporate them in the future if our policy changes. You may send opt-out requests to info@magentamed.com.
(B) Authorized Agents
“Authorized Agents” may submit opt-out requests on a consumer’s behalf under certain Data Protection Laws. If you have elected to use an authorized agent, or if you were an authorized agent who would like to submit requests on behalf of a consumer, the following procedures will be required prior to acceptance of any requests. Usually, we will accept requests from qualified third parties on behalf of other consumers, regardless of either the consumer’s or the authorized agent’s state of residence, provided that the third party successfully completes the following qualification procedures:
- When a consumer uses an authorized agent to submit a request to know or a request to delete, a business may require that the consumer do the following:
- Provide the authorized agent’s signed permission to do so or power of attorney.
- Verify their own identity directly with the business.
- Directly confirm with the business that they provided the authorized agent’s permission to submit the request.
- A business may deny a request from an authorized agent that does not submit proof that they have been authorized by the consumer to act on their behalf.
(C) Response Time and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require additional time (up to an additional forty-five (45) days), we will inform you of the reason and extension period in writing by mail or electronically, at your option. If we determine that the request warrants a fee, we will tell you why we made such a decision and provide you with a cost estimate before completing your request.
For Virginia, Colorado and Connecticut Residents: If we denied a request, you may appeal our decision, and within 45/60 days of our receipt of your appeal (depends on your state of residency), we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to your state of residency’s Attorney General:
- Virginia at https://www.oag.state.va.us/consumercomplaintform.
- Colorado at https://coag.gov/file-complaint/.
- Connecticut at https://portal.ct.gov/AG/Common/Complaint-Form-Landing-page.
(D) Notice Of Financial Incentive
We do not offer financial incentives to consumers for providing Personal Information.
DO NOT TRACK SETTINGS AND SHINE THE LIGHT LAW FOR CALIFORNIA RESIDENTS
Cal. Bus. And Prof. Code Section 22575 also requires us to notify you how we deal with the “Do Not Track” settings in your browser. As of the effective date listed above, there is no commonly accepted response for Do Not Track signals initiated by browsers. Therefore, we so not respond to the Do Not Track settings. Do Not Track is a privacy preference you can set in your web browser to indicate that you do not want certain information about your web page visits tracked and collected across websites. For more details, including how to turn on Do Not Track, visit: www.donottrack.us.
Further, California’s “Shine the Light” law (Civil Code Section § 1798.83), permits employees that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send us the Data Subject Request Form available HERE.
CONTACT US:
- By Email: info@magentamed.com; or
- By Mail: 1 Ha’Ofeh Street, P.O.B. 5035, Kadima 60920, Israel
UPDATES:
To the extent necessary under applicable law, we will update this US Privacy Notice at least every 12 months. The last revision date will be reflected in the “Last Updated” heading at the top of this US Privacy Notice.