PRIVACY NOTICE

We, at Elad Software Systems Ltd, are committed to respecting our customers’ and their users’ privacy, protecting their personal information and making sure it is used properly by us. This privacy notice explains the principles of our privacy practices for processing personal information on our service: what information we collect, how we collect it, what we do with it, how we protect it, and your rights regarding your user's information.

- We collectboth personal data (which may identify an individual) and anonymized data (which does not identify an individual) about our customer's uses, when the customer is interacting with its users, while using our service.

- We use such information for the provision of our service, to communicate with our customer and improve its usage experience, and to comply with applicable law. We maintain technical and administrative security measures to protect our customers and their user's information.

- We use and/or transfer the information in the EEA and/or in Israel, whether by ourselves or by third party's acting on our behalf (who are committed for the security of the information).

- We have no direct relationship with our customer's users. Our customers are the controller of their user's information, and are responsible to address any of their user's request. Our customers may request to access, receive a copy of, update, amend, delete orlimit the use of the User's personal data by sending us a request.

- We may keep user's personal data as long as the customer is using our service, and unless restricted by applicable law, we may retain anonymized data indefinitely.

For further information, you can access our full privacy policy, where you can inter alia find specific examples of why and how we use your users’ personal information. Our full privacy policy is available at: https://app.simplechat365.com/privacy-policy. If you have further questions please contact SimpleChat@elad.co.il .

FULL PRIVACY POLICY

PREAMBLE AND DEFINITIONS

1.1. Elad Software Systems Ltd. (“Elad”, “we”, “our” or “us”) provides this full privacy policy, as may be updated from time to time according to the terms set forth herein (our “Policy” or “ Privacy Policy ”), to inform you (the "Customer" or "you" or "your") of our policies and procedures regarding the way we collect, use and disclose the information we collect and/or otherwise receive when you are using the Service (as defined in our Subscription Service Agreement, which are available at: https://app.simplechat365.com/terms-of-service, which may also include information about your Users.

1.2. Please note that parts of our Privacy Policy may be implemented in ways that differ for European data subjects and Israeli data subjects.

1.3. Definitions :

1.3.1. " Anonymized Data " - means information that does not personally identify you, (or your Users) and does not reveal your (or your Users’) specific identity as an individual and/or cannot be attributed to you (or your Users).

1.3.2. " Applicable Law " - means the Israeli Law and the GDPR, together.

1.3.3. " App Source Store " - means the Microsoft virtual App Source store where the Service can be downloaded from.

1.3.4. The terms "Controller" or "Owner of Database"; "Processor" or " Holder of Database "; and "Consent" - shall have the meanings ascribed to them under Applicable Law.

1.3.5. " Customer's Client " or "Users" - means Customer's data subjects who connect and/or otherwise interact with the Customer through one (or more) of the Customer's communication channels (such as Customer's website, Customer's social network, SMS etc.), in order to receive certain Customer's services .

1.3.6. " Customer's Client Information " or "User Information" - means a User who's Information is provided and/or loaded to the Customer's communication channels by the User, and collected and/or otherwise generated by us in the course of Customer's use of the Service .

1.3.7. "GDPR" - means the General Data Protection Regulation (EU) 2016/679, as amended, replaced or superseded from time to time.

1.3.8. "Information" - means Personal Data and Anonymized Data, together.

1.3.9. " Israeli Law " - means the Israeli Privacy Protection Act (1981) and any applicable regulations promulgated thereto (including any amendments to such Act or such regulations) and binding guidelines issued by the Privacy Protection Authority in Israel, all - to the extent applicable to the Processing of Personal Data under this Privacy Policy.

1.3.10. " Personal Data " - means any information relating to an identified or identifiable natural person (‘data subject’), or details that identify a data subject or could be used to identify a data subject (such as name phone number, etc.), or as otherwise defined in the Applicable Law.

1.3.11. "Process" - means any operation or set of operations which is performed by Elad (and/or by any third party's acting on its behalf) on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1.3.12. "Website" - means our designated website (which is available at https://www.simplechat365.com, where Customer can place an Order (as defined in our Subscription Service Agreement ) to purchase the Service. The Service can be finally downloaded from the AppSource Store.

WHEN DOES THIS PRIVACY POLICY APPLY

2.1. This Privacy Policy applies to the Processing of Personal Data by Elad, when you use the Service. This Privacy Policy concerns the following categories of Information that we collect when providing the Services :

2.1.1. Personal Data about the Users (as a result of Customer's use of the Service), that we may Process (to the extent we have access to it) due to your relationship with us as a Customer for the provision of the Service, or as a potential customer;

2.1.2. Anonymized Data we collect and/or generate and/or provided to us and/or received by us, all, in the framework and in connection with the Service.

2.2. This Privacy Policy does not apply to any services provided by us, which are outside the scope of the Service, which may be subject to separate terms (including separate privacy policies).

THE TYPES OF PERSONAL DATA WE COLLECT

3.1. In order to perform the Service we have been engaged to provide, we need to obtain Personal Data about your Users (as a result of your use of the Service). Therefore, we may collect and Process the following Personal Data:

3.2. Personal Data that You (via your Users) Provide Us :

3.2.1. When a User is connecting and/or otherwise interacting with you through any of your communication channels (as designated by you), the Service requires us to get access to certain Personal Data about such User.

3.2.2. The channels according to which such Customer's Client is approaching you will determine the kind of Personal Data we might ask and/or collect:

3.2.2.1. To the extent the communication channel is a social network - such Personal Data may include (by way of a non-exhaustive list): profile name, User's unique identifier in the respective social network, and any other Personal Data that the User may provide in such channel (to the extent provided);

3.2.2.2. To the extent the communication channel is cellular device (by sending SMS) - such Personal Data may include (by way of a non-exhaustive list): User's phone number, and any other Personal Data that the User may provide in such channel (to the extent provided);

3.2.2.3. To the extent the communication channel is through Customer's web-chat - such Personal Data may include (by way of a non-exhaustive list): User's IP address, the specific page were the User's visited, and any other Personal Data that the User may provide in the web-chat (to the extent provided).

3.2.2.4. Through any of the channels mentioned above, we may receive from You Special Categories of Personal Data (as defined in Article 9, GDPR) relating to Users. You represent that you minimize the Special Categories of Personal Data transmitted through the messages that you send through our services and that you have obtained all necessary consents for the processing of such Personal Data by us.

3.3. The Types of Personal Data we Collect or Generate from you (via your User's interaction with you)

In addition to the Personal Data that you provide us when your Users are contacting with you via your communication channel, we may collect or generate certain Personal Data, which may change based on the channels the Users are contacting you. Such Personal Data may include (by way of a non-exhaustive list): User's interaction with you, Internet Protocol address, the User's interactions/clicks and browsing history in the Customer's website. We may use or implement certain technologies in the Service, in order to obtain such data, as detailed in section ‎‎3.4.2 below.

3.4. Personal Data we Obtain from other source :

In addition to Personal Data collected according to sections ‎3.2 and ‎3.3 above, we may obtain Personal Data from other sources:

3.4.1. Third parties . We may obtain Personal Data from public information that we collect as part of the Service from third party sites such as "Facebook", "Twitter", or any other means.

3.4.2. Technological Tools . We may use "cookies" (or other similar tools) for the purposes set forth below. A "cookie" is a small data file that we transfer to the User's device storage, which creates a unique identifier (generated randomly), in order to identify the User (once the User has completed the Customer's identification process) in its future interaction with the Customer in the Customer's communication channels. The User can instruct its browser, by changing its options, to stop accepting cookies or to prompt User before accepting a cookie from the web-chat User visits. If the User do not accept cookies, User will still be able to interact with the Customer but will not be automatically recognized as an existing User and will be required to go through the Customer's identification process, if such exists.

HOW WE USE PERSONAL DATA

We will use the User's Personal Data we collect and/or otherwise generate for one (or more) of the primary purposes as set forth below (as may be updated from time to time):

4.1. Provide Customer the Service, including (without limitation), allowing Customer the ability to interact with its Users via the Customer's communication channels;

4.2. To provide Customer with service announcements and further administrative information regarding your use of the Service;

4.3. Monitor and analyze Customer use of the Service (including its interaction with its Users), communicate with you, personalize your experience with the Service, better understand your needs and obtain your feedback regarding the Service;

4.4. For the technical administration and troubleshooting of the Service and to provide support and maintain the Service;

4.5. To enforce our Subscription Service Agreement with you (which are available at: https://app.simplechat365.com/terms-of-service, policies and other contractual arrangements, to comply with Applicable Laws, court orders and warrants, and prevent misuse of the Service, and to take any action in any legal dispute and proceeding;

4.6. To disclose or transfer it to third party vendors, service providers, contractors who are working on our behalf with respect to the Services (including, without limitations, for hosting and/or back up purposes);

4.7. As otherwise authorized by you.

LEGAL BASIS FOR PROCESSING

5.1. We obligate not to Process Personal Data, unless there is a lawful basis for such Process. The legal basis will depend on the reason or reasons we collected and need to use Personal Data. In almost all cases the legal basis will be:

5.1.1. Processing of Personal Data is necessary in order to perform a contract to which you are a party to, or in order to take steps at your request prior to entering into a contract. It means that we may need such Personal Data to provide you with the Service and otherwise perform our agreement we have with you. For example, we need to Process User's Personal Data to enable you to interact with your Users, send you informative and operational notices with respect to the Service, etc.;

5.1.2. Processing the Personal Data is required for fulfilling our or a third party’s legitimate interests. It means that there is a legitimate interest to use the Personal Data in relation to our Services. For example, we retain historical information about your use of the Service to defend ourselves in legal procedures;

5.2. It is hereby clarified that the legal bases detailed in Sections ‎5.1 above are the legal basis for actions to process Personal Data, carried out by us in accordance with the GDPR. If processing of Personal Data is subject to other applicable laws, then the legal basis for processing Personal Data may differ according to those applicable laws.

SHARING PERSONAL DATA WITH OTHERS

We do not sell, rent or lease Personal Data, However, as part of the Process activity, we may share, disclose and/or otherwise transfer the Information to third parties, for the following purpose:

6.1. With third party service providers (such as cloud service providers, subcontractors, consultants) which assist us in the operation and the on-going activity of the Service. These third parties will be subject to appropriate data protection obligations, and they will use the Personal Data as described under this Privacy Policy.

6.2. To the extent required in order to comply with any Applicable Law or legal requests and assist law enforcement agencies. We may further disclose Personal Data we believe in good faith that it is necessary to prevent imminent physical harm, financial loss or to report suspected illegal activity. In all cases, such Personal Data will only be disclosed in accordance with applicable laws and regulations ;

6.3. To take any action in any case of dispute involving you with respect to your usage of our Service; and

6.4. In connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy.

INTERNATIONAL TRANSFER OF PERSONAL DATA

7.1. We may use or transfer Information in or to various sites worldwide, including through cloud based service providers worldwide. The Information will be sued and/or transferred in the EEA .

7.2. Where the GDPR applies, if and to the extent we transfer Personal Data outside the EEA for the provision of the Service, we ensure that it is protected in a manner consistent with the GDPR (for example, the country we send the Personal Data was approved by the European Committee as providing adequate level of protection to Personal Data (such as Israel); or the recipient signed a contract based on the "standard contractual clauses" approved by the European Committee; or the recipient is located in the US and is certified by the EU-US Privacy Shield, or other circumstances the law permits us to transfer your Personal Data outside the European Union). You can obtain more details of the protection given to Personal Data when it is transferred outside Europe (including a copy of the standard data protection clauses which we have entered into with recipients of your Personal Data) by contacting us as described in Section ‎ 16 below.

7.3. Where the Israeli Law applies, if and to the extent we transfer Personal Data outside the EEA for the provision of the Service, you hereby provide us your informed and express consent for such transfer, for the provision of the Services. By using the Services, you also confirm that you obtained the required consents from your Users for such transfer. We will ensure that the Personal Data is protected in a manner consistent with the Israeli Law.

YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA .

8.1. In all of the above cases in which we collect or use Personal Data, subject to the provisions under Applicable Law, you may have the following rights, and in most cases, you and/or your Users can exercise them free of charge. Please note that your rights may differ and may be implemented differently according to the Applicable Law:

8.1.1. At any time, you may contact us at: SimpleChat@elad.co.il and request to know what Personal Data we keep about your Users. We will make good-faith efforts to locate the data that you request to access.

8.1.2. Under your right of access, you may obtain confirmation from us of whether we are Processing Personal Data related to your Users, receive a copy of that data, so that you could verify its accuracy and the lawfulness of its Processing, request the correction, amendment of the data if it is inaccurate, incomplete, outdated, deletion (in some circumstances) or processed in violation of Applicable Law.

However, we may retain certain information as deemed required by us in accordance with Applicable Laws, or for legitimate business reasons, for the duration as required under Applicable Laws.

8.1.3. You can also ask us to transmit the Personal Data provided to us to a third party, under the circumstance covered under the GDPR (to the extent required by the User).

8.1.4. For the avoidance of doubt, you recognize that you are the Controller in respect of your Users' Personal Data and you are responsible for handling all Users' requests and rights made in accordance with the Applicable Law in regard to their Personal Data.

8.2. We obligate to make all reasonable efforts to respect your requests as soon as practically possible (unless we require further information from you in order to fulfil your request), subject to legal and other permissible considerations.

RETENTION PERIOD

9.1. We retain different types of Information for different periods, depending on the purposes for Processing the Information, our legitimate business purposes as well as pursuant to legal requirements under the Applicable Law.

9.1.1. We may retain Personal Data for as long as necessary to provide the Service, and for other legitimate business purposes as detailed in the Privacy Policy. In any event, as long as you use the Service, we may retain Personal Data , unless we are legally required to delete it, or if you seek to exercise your rights to delete the Personal Data. It should be clarified that You are the Controller of your Users' Personal Data, You are responsible for setting policy of how to retain or delete your Users' Personal Data as required by Applicable Law, and to implement such policy as required under Applicable Law.

9.1.2. Unless otherwise restricted under applicable law, Anonymized Data will be retained indefinitely.

ANONYMIZED DATA

10.1. In addition to the categories of Personal Data described above, we may also Process Anonymized Data, in the types, scope and for the purposes as set forth below:

10.1.1. Types of Anonymized Data we collect : we may collect Anonymized Data, which may change due to the channels according to which such Customer's Client is approaching you. Such Anonymized Data may include (by way of a non-exhaustive list): technical informationabout the User's technical device (such as device model, operating system version); network identifier; browser type, etc.

10.1.2. Why we collect Anonymized Data : We collect Anonymized Data for the provision of the Service, and for protection of the Services from unauthorized access or use, unlawful processing, preventing viruses or hacker, etc.

10.1.3. How we collect Anonymized Data : In order to collect and use Anonymized Data, we may use certain technological tools.

10.1.4. How we use Anonymized Data : We may use Anonymized Data for the same purposes we use Personal Data (where applicable), and in addition in order to (i) compile anonymous or aggregate information, (ii) disclose to third party vendors, service providers, contractors or agents who perform tasks on our behalf in connection with the Services, (iii) monitor and analyze use of the Services and for the technical administration and troubleshooting of the Services, and (iv) provide us with statistical data for legitimate business purposes including for testing, development, improvement, control and operation of the Services.

10.1.5. Sharing Anonymized Data . We may share Anonymized Data with third parties on our behalf. It has no effect on your or your Users’ privacy, because there is no reasonable way to extract Personal Data from the aggregated information that can be associated with you or your Users.

10.2. It is hereby clarified that if and to the extent any Anonymized Data detailed under section 11 is or will be considered under Applicable Law as Personal Data, we will not use it without receiving your opt-in Consent and/or other have lawful basis for such Process activity.

SECURITYMEASURES .

11.1. We take the safeguarding of the Information very seriously, and use a variety of methods to try to protect the Information from loss or unauthorized use or access when it is in our possession or control, including reasonable technical and organizational measures which restrict access to the Information. However, we do not promise that any Information will be fully protected from unauthorized disclosure or use.

11.2. Please note that Elad does not check the channels according to which you interact with your Users. You should take steps to protect your communication channels with your Users (including any personal and/or confidential and/or sensitive information contained in it).

OURPOLICY TOWARDS CHILDREN

Our Service is designated for business, not for individuals. As such, the Service is not meant to be used by or for persons under 18, and we do not knowingly collect Personal Data from minors younger than 18. As a Controller of your User's Personal Data, it is hereby clarified that insofar as Personal Data may be collected based on your or your Users’ consent, it is your responsibility to ensure that the data subject must be above the age of 16 (or above the age of 13 if this is the legal requirement in your country). If these age requirements are not met, you are required to obtain the consent of the parent or guardian to provide and process information in accordance with this Policy; lacking such consent, we will not supply you with Service.

CHANGESTO THE PRIVACY POLICY

13.1. We may change the terms of this Privacy Policy from time to time. We will provide seven (7) day advance notice in the Website, prior to uploading a new Privacy Policy, and we will also send e-mail to the Customer, seven (7) days prior to such change. However, substantial changes will be effective thirty (30) days after the notice was initially posted. We will make an effort to inform you of substantial changes through the channels of communication generally used in such circumstances, and subject to the requirements of Applicable Laws - to obtain your consent.

13.2. If we need to adapt the Policy to legal requirements, the amended Policy will become effective immediately or as required.

13.3. Your continued use of the Service following such notice shall constitute your consent to any changes made and a waiver of any claim or demand in relation to such changes. If you do not agree to the new or different terms, you should not use and are free to discontinue using the Services.

APPLICABLELAW AND DISPUTE RESOLUTION

This Privacy Policy shall be governed by and construed in accordance with the laws of the state of Israel, excluding its choice of law principals . Disputes arising in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the competent courts in Tel-Aviv, Israel.

CONTACTUS .

15.1. For further information about this Policy, please contact our Product Manager at EfratGi@elad.co.il .

15.2. We work hard to handle your information responsibly. If you are unhappy about the way we do this, please contact us (see details in section ‎16.1 above), and we will make good-faith efforts to address your concerns. When the GDPR applies, if you are not satisfied with theresponse you receive from us or you think that your or your User's rights have been infringed by us, you may escalate your concerns to the applicable privacy regulator in your jurisdiction. Upon request, we will provide you with the contact information for that regulator. However, we recommend you contact us first - and we will do our best to solve any complaint.

Last Updated: April, 2019