Last updated: December, 2019

Tel Aviv Museum of Art (the “Museum”) is a Public Benefit Company, registered in the state of Israel with company identification number 520002320.

The Museum is located on 27 Sderot Sha'ul HaMelech, Tel Aviv-Yafo.

The Museum is the owner of a web and mobile platforms which will provide users and visitors updated information for upcoming events and exhibitions, taking users to guided tours through some of the Museum’s events, allow users with accessibility issues to experience art through visual and audio aids, sell online merchandising and tickets to events and exhibitions, provide art related content and general information about the Museum and its services (the “Services”).

To enable the Museum to provide you (“You”, “User”) the Services, the Museum may store and process for the purpose of executing the Services User’s Personal Information.

This Privacy Policy discloses the User’s personal information which is collected, processed and stored while using the some of the Services.

Personal Information“– any information which may identify a person, directly or indirectly, in reference or specific, mainly information which relates to a specific person such as identification or passport numbers, financial data, medical data, location information, and other information which is considered as personal information.

The use of the Services is subject to the full acceptance of the Terms of Use (the “Terms”). This Privacy Policy is an integral part of the Terms and will apply by the Museum while using the Services.

The Museum provides the Services, which may rely also on cloud based services, by using third parties’ providers and sub-contractors (“Third Parties”). A list of the third Parties which are used by the Museum, in order to provide the Services are listed below.

By accepting the Terms, User acknowledges that each one of the Third Parties privacy policies, have been reviewed by the Museum and approved to comply with the Museum’s Privacy Policy herein.

To be able to connect to the Services, or some of the features included in the Services, User may be required to create a User’s verified account to enable the use of the Services, or to enable the use of one of the Services features. You may find information about each Service and upon accepting the Terms, You may register to that Service.

Not all Services provided by the Museum require User’s registration. User will be required to provide Personal Information only for Service feature that cannot be provided without User’s Personal Information. Such Service features may include payment through ticketing services, newsletter registration, and any other feature which is available, or may become available from time to time.

Any feature provided within the Services, which will require You to provide Personal Information, will also require You to approve and accept the Terms for such feature.

WHILE USING THE SERVICES, USER MAY BE ASKED TO PROVIDE INFORMATION, WHICH MAY BE REGARDED AS PERSONAL INFORMATION AND LOCAL PRIVACY LEGISLATION MAY APPLY ON SUCH PERSONAL INFORMATION WHICH IS STORED OR PROCESSED, WHILE USING THE SERVICES.

PERSONAL INFORMATION MAY BE STORED AND DOCUMENTED ON VIDEO / AUDIO FILES, PHOTOGRAPHS, LOCATION DATA, MEDICAL DATA, FINANCIAL DATA AND ANY OTHER INFORMATION WHICH MAY BE PROCESSED FOR THE PUPROSE OF WHICH SUCH PERSONAL INFORMATION IS REQUIRED.

THIS PRIVACY POLICY REFERRS TO THE INFORMATION WHICH IS COLLECTED BY THE MUSEUM AND THE SERVICES AND WILL NOT APPLY ON USER GENERATED CONTENT, IN CASE SUCH CONTENT WILL BE GENERATED IN A SERVICE FEATURE WHICH MAY BECOME AVAILABLE WITHIN THE SERVICES FROM TIME TO TIME.

Collected Personal information

  1. From visitors on the Museum’s website and on the mobile apps we may collect:
    a. IP and browser information
    b. Client device information
  2. From Registered Users, for the Services, we may collect also:
    a. All information collected from visitors in section 1
    b. Full name
    c. Home/Office address
    d. Email
    e. Telephone
    f. Login & Passwords
    g. User Generated Content – when applicable
    h. Any Personal Information which may be, or may become, relevant for the purposes which the Personal Information is required to provide the Service.
  3. Why we collect User’s Personal Information:
    a. The use of some of the Services features require Users to provide Personal Information which allow the Services to recognize registered User’s history, preferences and to create a valid User account
    b. A valid updated User’s account provides User a personalized interactive use of the Services
    c. Provide User with full access to features of the Services and offer support
    d. Allow the Museum to provide User with commercial offers, orders, invoices, forms, surveys, newsletters, guided tours, notifications and updates

Personal Information Retention

4. The Museum does not store Personal Information for more than required to provide User with the Services. Retention periods may vary, depending on the categories, the Personal Information is related to.

Data Processing Policy

5. The Museum complies with local privacy legislation and it will process Personal Information according to its Data Processing Policy. The Museum may amend its’ Data Processing Policy from time to time without any prior notice.

Recipients

6. The Museum may share User’s Personal Information with business partners for promotion and marketing of the Services which may be offered to Users, based on User’s account profile.

Cookies and Pixel-Tags

7. Cookies are text files stored and used to record data. Such data may include Personal Information or non-Personal Information which provides data about the User’s browsing and the use of the Services. Cookies may remain at User’s device after logging off from the Services to be used on User’s repeating entrances to the Services.

8. Pixel-Tags are used to identify and track the User’s usage of the Museum’s website and interaction with the Museum’s distributed emails. Pixel-Tags (also referred as web-beacons) are not stored on the User’s device

Data Security

9. The Museum undertakes to ensure the security and protection of User’s Personal Information, that User consented the Museum to store and process.

Third Parties’ Services

10. For the purpose of executing the Services, the Museum uses third parties’ services and platforms. An updated list of the Third Parties (“Sub-Contractors”) platforms and services is listed below the Data Processing Policy document (Annex A) and User’s responsibility to verify that Sub-Contractors process Personal Information in a manner which does not breach any of the User’s Data Subjects rights.

11. The Museum may replace or cancel any Sub-Contractor’s service according to the Services requirements. The Museum will use Sub-Contractors services which are adequate to the Museum’s Data Processing Policy.

Links to Third Parties service platforms

12. The Museum may present to Users while using the Services, links to Third Parties service platforms which are not controlled by the Museum and therefore the Museum is not responsible to any of the content which is presented on Third Parties service platforms. Third Parties platforms may collect Personal Information from Users and the Museum will have no liability of the Personal Information protection policies and practices which are taken by Third Parties service platforms.

Contact

13. If User has any reason to believe that the security of User’s Personal Information has been compromised or that User’s Personal Information was misused, User should contact the Museum promptly at yifatK@tamuseum.com.

14. For any additional inquiries concerning the Museum’s Privacy Policy, or to Opt Out from part, or all of the Services, or to execute User’s legal rights, You may approach our customer service at yifatK@tamuseum.com which will respond and cooperate to provide Users with the assurance that User Personal Information is protected and used only for the purpose of the Services.

15. If a major change is expected to this Privacy Policy which may affect the current legal rights of the Services Users, the Museum will inform Users via email messages or while logging into the Services, or in any other mean the Museum will consider as appropriate at the time.

Annex - Data Processing Policy

Tel Aviv Museum of Art (“the “Museum”) welcomes you (the “User”, or “You”, or “you”) to our online web and mobile application platforms (the “Services”)

This Data Processing Policy and its exhibits apply to the processing of Personal Data by the Museum on behalf of a User, in order to provide, among others, cloud services and third party’s platforms, as agreed by the User and according to the Terms of Use (“Terms”) and to the Museum’s Privacy Policy.

Data Processing

1. User is the sole controller of the User’s personal information and User agrees to the processing of User’s Personal Data by the Museum, as set out in this Data Processing Policy. User appoints the Museum as Processor for the mean of processing User’s Personal Data.

2. Categories of Data subjects, type of User’s personal data and the processing activities are set out in the applicable Exhibit for the Museum’s applicable service, the duration of the processing of User’s personal data corresponds with the duration of the service provided by the Museum, the purpose of the processing of Personal Data reflects the provisions of the Services provided to the User.

3. The Museum will process User’s personal data according to the scope of services provided to the User by the Museum, as set out in the Terms of Use.

4. The User will be the only point of contact for the Museum and User will be regarded as the only Controller of the User’s Personal Data.

5. The Museum will take measures to comply with the European General Data Protection Regulation (“GDPR”) in respect of the Services applicable to the User. The Museum will not be responsible for determining the applicable privacy protection legislation of the User and User approves that the Museum’s Services meets the requirements of such legislation. User is responsible for the lawfulness of the processing of User’s Personal Data. User undertakes to not use the Services if such Services breach any applicable Data Protection Legislation.

Sub-Processors

6. The Museum may engage with subcontractors to execute the Museum’s undertakings under the Terms of Use. The Museum will ensure that all subcontractors which are deemed as Sub-Processors are taking the security measures as the Museum, with regard to User’s Personal Data processed, or stored on Third Parties digital platforms and physical infrastructures. A list of current subcontractors engaged with the Museum, is annexed to this Data Processing Policy. The Museum may update the list of subcontractors from time to time and without notice.

7. If a User disapproves the use of a specific subcontractor used by the Museum, He / She may inform the Museum with a written notice, and the Museum will reply within reasonable time if that specific subcontractor may be replaced for the User’s needs, or that User may consider terminating the use if the Services, or part of the features within, if such usage contradicts User’s applicable legislation.

Cross-border data transfer and data processing

8. The Museum may use, for the purpose of its’ Services, subcontractors and/or Sub-Processors which are established outside of the EU countries, by implementing the EU Standards Contractual Clauses and only to countries considered by the EU commission to have adequate protection of Personal Data.

Certification – Data Security

9. The Museum takes the required security measures on its platforms and applications. User is responsible for executing security measures to protect User’s personal data and to comply with privacy legislation in User’s territory. The Museum implemented Data Security procedures and policy, as required by the Privacy Protection legislation in the state of Israel.

10. The Museum will take organizational measures and will conduct technical maintenance actions to ensure a level of security appropriate to the risk of the Museum’s scope of Services. The Museum keeps its right to change and update those measures, provided that the security and functionality of the Services are not degraded.

11.User confirms that the Museum’s security measures provide User the appropriate level of protection for the User’s Personal Data, in consideration with risks associated with the User’s Personal Data.

Data Subjects Rights

12. The Museum will respond to User’s requests to exercise their legal Data Subjects Rights, such as amending the User’s data or deletion of User’s data or any other Data Subject Right according to privacy legislation. User will have reasonable cooperation by the Museum to comply with data subjects rights.

13. The Museum will not share User’s Personal Data with Third Parties unless the Museum instructed in writing by User or required to do so by law. The Museum will notify User about disclosure requirements received from Third Parties and authorities, unless the Museum was ordered otherwise.

Breach Notification

14. The Museum will notify User as it become aware of Personal Data breach with regard to the User’s personal data, controlled or processed by the Museum or with regard to the Services provided by the Museum to User.

15. The Museum will act, with regard to Breach Notification to the Authorities, as it will be instructed to by the User, or by any law as will apply on the Museum in a specific personal data breach event.

16. The Museum will investigate any User’s Personal Data breach and will notify the User of such investigation’s results.

17. User will notify the Museum of any personal data breach, which User becomes aware of, and the Museum will assist the User to investigate the personal data breach, with regard to the Services provided to the User on the Museum’s network infrastructure and platforms.

Confidentiality

18. The Museum will verify that any of the Museum’s employees and Sub-Contractors which have access to User’s Personal Data, signed with the Museum a confidentiality agreement with regard to User’s Personal Data.

Data Deletion

19. The Museum does not retain personal information other than for the purpose of the Services it provides. If for any reason User wishes to modify or delete User’s Personal Information, request needs to be sent to:yifatk@tamuseum.com and Museum will make reasonable efforts to modify or delete any such Personal Information pursuant to any applicable privacy laws within reasonable time.

20. Unless instructed otherwise Museum may retain User’s Personal Information for a period of no longer than seven (7) years since User’s last use of the any of the Museum Service.

21. Upon User’s request to delete Personal Information, Museum may depersonalize User’s Personal Information, instead of deleting it, for the purpose of enhancing and improving the Museum’s Services,

22. Some information may not be deleted in order to keep the integrity of the Museum’s system, but the information will be stripped off any Personal Information linked to such information and having such data be anonymized.

23. Following a request to the Museum by User to: (i) delete any Personal Information or (ii) delete Personal Information data from the Service’s interface or (iii) terminate a User’s account, an automated process will begin that permanently deletes the User’s Personal Information in accordance with the timelines set forth in the tables below. Once begun, this process cannot be reversed and data will be permanently deleted, or data will be stripped from any personalized information and shall be kept in an anonymized manner.

Type of Data Timeline for Deletion (after deletion process begins) for Cancellation, Termination or Migration
Backups 365 days
Logs 365 days

List of current Sub-Contractors engaged with the Museum / Third Parties Platforms used for the Website or App
(updated December 2019):

  1. ActivTrail
  2. SmarTicket
  3. PELECARD
  4. PayPal
  5. Google Cloud
  6. Windows Azure
  7. Espro Acoustiguide Group

Contact

Any inquiries or clarifications concerning the Terms, or the Website or App, can be sent to the Museum by email to the following address:
yifatk@tamuseum.com

The Museum will make an effort to reply to such notice within a reasonable