Arbox Privacy Policy

At Arbox Ltd. (referred to as “Arbox,” “us” or “we”), we recognize the importance of your privacy and have implemented this version of our Privacy Policy (“Privacy Policy“) to describe how we process Personal Information via your use of our website and mobile applications, as well as related products and services we may offer to you. Please read this Privacy Policy carefully to understand how we process your Personal Information. By using the Services you freely agree to how we process Personal Information and this Privacy Policy.

By using the Services, you acknowledge and freely agree that your Personal Information will be collected and processed as described in this Privacy Policy. You are not legally required to provide us with your Personal Information. If you do not consent to the collection or processing of your Personal Information, we may be unable to provide you with certain features of the Services, and in some cases, may be unable to provide access to the Services altogether. For example, if you do not share your phone number or email address we won’t be able to open a user account for you in the app. If you do not agree with how we process your Personal Informaiton please do not use our Services.‍

Definitions

1. “Admin Data”: means information collected from the focal point at our customer who is responsible for adnimistering the Arbox platform. For example, a gym owner, acting as the controller with respect to information collected about its members (referred to as “End Users”).
2. “Customer Data”: means Personal Information concerning End Users which is collected managed by our Customers.
3. “End User”: means any individual who uses the Services, including users of our mobile applications, and individuals who interact with our Customers through the Services.
4. “Other Information”: means any information that does not reveal your specific identity or does not directly relate to an individual, such as browser, app usage data, information collected through cookies, pixel tags and other technologies, demographic information and other information provided by you, and aggregated information.
5. “Personal Information”: means information that identifies you as an individual or relates to an identifiable person, such as name, postal address, profile picture, telephone number, email address, credit card number, personal training and exercise routine, and social media account ID. It does not include strings of code such as browser cookie IDs.
6. “Customer”: means any business, entity or sole trader that subscribes to (or otherwise accesses or uses) our Services.
7. “Services”: means the website, mobile applications, and any related products and services that we offer you through the Arbox platform.

Collected Information

1. When you use the Services we collect the following Personal Information directly from you:
   • When you create an account on the Arbox App, we ask for Personal Information such as your name, email, mailing address, social media account ID, and other information you may provide with your account; This information is collected with your consent when you provide it directly.
   • If you’re an Admin, we collect information about your business that is submitted to the Services under your account such as your company name, address, phone number, email, credit card information, tax identification number, and other information about your business. We also collect Personal Information about your End Users that they provide to the Services when they book a session, fill out a form or initiate a transaction with you.
   • If you’re an End User, we collect information about you when you interact with our Customer business through the Services. For example:
     • If you book a session, we will collect details about the sessions you’ve signed up to. This information is provided by the End User with consent, and may also include additional Personal Information requested by the Admin business you are transacting with.
     • There may be instances where we collect sensitive Personal Information, for example if a Customer requires you to fill out a health questionnaire before you attend a workout session. Please note that this is subject to our Customer’s discretion and is their responsibility. Other than medical information you are asked to provide, we do not ask for, and you are not permitted to share on the Services, any other sensitive Personal Information.
     • We may also collect and store your photograph and other images which will be accessible to other End Users. This information is provided with your consent when uploading profile or media content.
2. We may store Other Information that we collect via your computer or mobile device in connection with your use of the Services, such as type of computer or mobile device, unique device identifier, IP Address, MAC address, device’s operating system and physical location. You may disable the use of certain location data through your device or browser settings. This data is collected automatically from your device and includes usage information such as the date and time the application accesses our servers and the files downloaded.
3. We may receive Personal Information about you from other sources, such as publicly available platforms, strategic and joint marketing partners, social media platforms, people with whom you are friends or otherwise connected with on social media platforms, as well as from other third parties. This information comes from third-party sources outside of your direct interaction with the Services.

Use of Personal Information

1. We use Personal Information we collect:
   • to provide the Services;
   • to respond to your inquiries and fulfill your requests;
   • to facilitate social sharing functionality (e.g. to allow End Users to interact with each other);
   • to facilitate interactions between Admins and End Users through the Services (e.g. session booking, health forms, etc);
   • to send you (with your prior consent) marketing communications that we believe may be of interest to you consistent with your choices;
   • to share with other marketers (with your prior consent) and permit them to send you marketing communications, consistent with your choices;
   • to send you administrative information, for example, information regarding our services and changes to our terms, conditions, and policies;
   • to present products and offers tailored to you;
   • to allow you to participate in promotions and to administer these activities;
   • for our business purposes, such as data analysis, audits, fraud monitoring and prevention, developing new products and services, enhancing, improving, or modifying our products and services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.
2. In addition we may use your Personal Information as we believe to be necessary or appropriate:
   • as required by applicable law, including transfers outside your country of residence;
   • to comply with legal process;
   • to respond to requests from public and government authorities, including public and government authorities outside your country of residence;
   • to enforce our terms and conditions;
   • to protect our operations or those of any of our affiliates;
   • to protect our rights, privacy, safety, or property, and/or that of our affiliates, you or others;
   • to allow us to pursue available remedies or limit the damages that we may sustain
3. Our mobile application may also send push notifications to your mobile device. If you have previously consented to receiving push notifications and no longer wish to receive them, you can also turn push notifications off at the device level. Said applications may also request access to your device’s calendar application, camera, photo album, and microphone. If you have previously allowed such access and no longer wish to allow access, you may change the app’s settings in on your device.

Disclosure of Personal Information

1. Personal Information:
   We may disclose your Personal Information:
   • to our strategic partners and third-party service providers who provide services such as website hosting, data analysis, payment processing services, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, credit card processing, auditing and other similar services;
   • to our affiliates for the purposes described in this Privacy Policy;
   • to our Customers, if you are an End User and are using our Services to interact with that Customer;
   • to third parties to permit them (or their own customers) to send you marketing communications, with your consent and consistent with your choices;
   • to third-party sponsors of sweepstakes, contests and similar promotions;
   • to other End Users, i.e. your friends associated with your account, as well as to your social media account provider, in connection with your social sharing activity;
2. Other information: Please note that we may use and disclose Other Information for any purpose. If we are required to treat Other Information as Personal Information under applicable law, then we may use it for all the purposes for which we use and disclose Personal Information. In some instances, we may combine Other Information with Personal Information (such as combining your name with your geographical location). If we combine any Other Information with Personal Information, we will treat the combined information as Personal Information.
3. Public Message Boards, Blogs, and Forum: Our Services may offer publicly accessible message boards, blogs, and community forums. Please keep in mind that if you directly disclose Personal Information through our public message boards, blogs, or forums, this information may be collected and used by others. To request removal of your Personal Information from our blog or community forum, contact us at dpo@arboxapp.com. In some cases, we may not be able to remove your Personal Information or some content (if, for example, it is reposted by another user), in which case we will let you know if we are unable to do so and why.
4. Testimonials, Ratings and Reviews: If you submit testimonials, ratings or reviews to the Services, any Personal Information you include will be displayed in the Service. If you want your testimonial removed, please contact us at support@arboxapp.com. We also partner with third-party service providers to collect and display ratings and review content on our website. If the content collected by a third party for display includes Personal Information, it will not be posted unless consent is provided by the individual.
5. Legal Disclosure: We reserve the right to disclose Personal Information that we believe to be necessary or appropriate in the following circumstances:
   • as required by law, including laws outside your country of residence, such as to comply with a subpoena, or similar legal process;
   • when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request, including a request from authorities outside your country of residence;
   • to enforce our terms and conditions;
   • to allow us to pursue available remedies or limit the damage we may sustain;
   • if we are involved in a merger, acquisition, or sale of all or a portion of our assets, you will be notified via email and/or a prominent notice within the software and/or on our website of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.

Privacy Rights

1. You have the right to access, review, correct, or delete Personal Information which we process as a Data Controller. To do so, you may log into your account and make the appropriate changes or email us at dpo@arboxapp.com. In your request, please make clear what Personal Information you would like to have changed or removed from our database. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request.
2. If you are a GDPR-protected individual, you also have the right to lodge a complaint with the relevant supervisory authority in the EEA or the UK, as applicable.
3. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion and/or for any other legal reason. In such cases we will tell you what information we are retaining and for what reason.
4. If you are an End User and would no longer like to be contacted by one of our Customers, or would like to access, review, correct, or delete inaccurate Personal Information for which our Customer is the Data Cotnroller, you must contact the Customer directly. If we receive such a request from an End User we will refer it to our Customer.
5. Personal Information you provide may be used by Arbox for marketing purposes, which you may opt-out from at any time. In jurisdictions which require prior consent prior to sending marketing communications, we will collect this consent from you via your interaction with the Services. If you no longer want to receive marketing-related emails from us, you may opt-out by clicking the ‘unsubscribe’ link at the bottom of each email, or by sending a request for list removal to support@arboxapp.com. If you provide your information to Arbox, at any time you can opt-out, which will allow you to save your information with us, but we will not use your information for marketing purposes. Our sharing of your Personal Information with unaffiliated third parties for their (or their customers’) direct marketing purposes. If you would prefer that we do not share your Personal Information on a going-forward basis with unaffiliated third parties for their direct marketing purposes, you may opt-out of this sharing by emailing support@arboxapp.com from the email that you have signed up or used in receiving the Services.
6. We will try to comply with your request(s) as soon as reasonably practicable. Please also note that if you do opt-out of receiving marketing-related emails from us, we may still send you messages for administrative or other purposes directly relating to your use of the Services, and you cannot opt-out from receiving those messages.

Tracking and Advertising

1. We and our third party service providers may collect Other Information in a variety of ways. We and/or our third party partners may employ various tracking technologies, such as cookies, web beacons and analytics software, that help us better manage content on the Services by informing us what content is effective.
2. Web Beacons: We (or third party data or ad networks we work with) may use web beacons alone or in conjunction with cookies to compile information about our Services, or Other Information we or they have collected. “Web Beacons” (also known as pixel tags) are graphic objects that are embedded in a web page or email and are usually invisible to the user but allow checking that a user has viewed the page or email. Web Beacons may be used within the Services to track email open rates, web page visits or form submissions. In some cases, we tie the information gathered by Web Beacons to our Customers’ and End Users’ Personal Information. For example, we use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns. Web Beacons are also deployed by third parties, in connection with Cookies, to serve interest-based (and other) advertising, as described in the below section titled “Advertising Networks”.
3. Cookies: When you visit our website or otherwise interact with the Services we (or third party data or ad networks we work with) may send one or more cookies to your computer or other devices. “Cookies” are alphanumeric identifiers stored on your computer through your web browser and are used by most websites to help personalize your web experience. Some cookies may facilitate additional site features for enhanced performance and functionality such as remembering preferences, allowing social interactions, analyzing usage for site optimization, providing custom content, allowing third parties to provide social sharing tools, and serving images or videos from third party websites. Some features on this site will not function if you do not allow cookies. We may link the information we store in cookies to any Personal Information you submit while on our site. We may use both session ID cookies and persistent cookies. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. Persistent cookies enable us to track and target the interest of our users to enhance the experience on our site. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to automatically decline cookies, or be given the choice of declining or accepting the transfer to your computer of a particular cookie (or cookies) from a particular site. If you reject cookies, you may still use our site, but some features on the site will not function properly. Functional cookies, persistent and session type, store information to enable core site functionality, such as Live Chat and Client ID remembrance. Analytics cookies allow us to count page visits and traffic sources so we can measure and improve the performance of our site and our marketing campaigns. Advertising cookies may be set through our website by our advertising partners. Data may be collected by these companies that enable them to serve up advertisements on other sites that are relevant to your interests.
4. We may deploy and read identifiers (generally, strings of code) that we have associated with a browser, and we may collect mobile identifiers such as Apple IDFAs or Google Android Ad IDs. We generally use and share these identifiers to help tailor more relevant ads to you both on our properties and when you interact with other websites and mobile apps.
5. Do Not Track Signals: We do not respond to browser ‘do not track’ signals.
6. Analytics Software: We and our third party tracking-utility partners use log files on the Services to gather certain information automatically and store it for analytical purposes. This information includes internet protocol (“IP”) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use Google Analytics and Google Fabric, which use cookies and other, similar technologies to collect and analyze information about use of the Services and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources. You can opt out of them by downloading the appropriate Google opt-out browser add-ons. We use this information to track and aggregate Other Information to analyze trends, administer the site, track users’ movements around the Services and to gather demographic information about our user base in the aggregate.
7. Advertising Networks: We may partner with third party data or ad network(s) and other service providers to show you relevant ads (whether for our products or those of other companies), including ads displayed on the Services and on other companies’ websites or apps, on any of your devices. We and our service providers may use Cookies and Web Beacons to deploy and read cookie identifiers and Mobile Ad IDs, associated with your activities on the Services, third party web sites, mobile apps or other information we collect, to provide you targeted advertising based upon your interests. They may also use these technologies, along with activity information they collect, to recognize you across the devices you use, such as a mobile device and a laptop or other computer. These ad networks and their customers may also use any of this information to measure ad performance, understand their (or our) audience, or otherwise improve and enhance their marketing. Similarly, we or a third party data partner may associate Cookies with hashed (non-human readable) versions of your registration data (e.g., your email address), along with other interest-based or demographic data. You can learn more about or opt out of this type of advertising through the links in the following paragraph.
8. Apple Devices: If you have an Apple device, you can opt out of most cross-app advertising by updating to iOS 6.0 or higher and setting Limit Ad Tracking to ‘ON.’ You can do this by clicking on Settings > General > About > Advertising, and toggling Limit Ad Tracking to ‘ON.’
9. Android Devices: If you have an Android device, you can opt out of most cross-app advertising by clicking on Google Settings > Ads, and selecting the option to opt-out of interest-based ads. Please note that these platforms control how these settings work, so the above instructions may change. Likewise, if your device uses other platforms not described above, please check the settings for those devices.
10. Social Media Features and Widgets: The Services includes social media features such as the Facebook Like button, and widgets, such as the Share This button or interactive mini-programs that run on our Website. These features may collect your IP address, which page you are visiting on our Website, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Website. Your interactions with these features are governed by the privacy policy of the company providing it.

Data Retention

We may retain your personal information for as long as reasonably necessary in order to provide you with our Services, to comply with legal or business requirements, or to protect ourselves in the event of applicable legal obligations or any other legal proceedings. In order to minimize potential risks, we determine the retention period based on the sensitivity of the information, the level of potential exposure, and the specific purposes for which the information is retained. If you wish to ask questions regarding our data retention practices, please contact us at dpo@arboxapp.com.

Cross-Border Transfer

The Services are controlled and operated by us from the State of Israel, and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the State of Israel. Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Services you consent to the transfer of information to countries outside of your country of residence, which may have different data protection rules than those of your country.

While privacy laws vary between we, our affiliates and Service Providers are each committed to protect Personal Information in accordance with this Privacy Policy, customary and reasonable industry standards, and such appropriate lawful mechanisms and contractual terms requiring adequate data protection, regardless of any lesser legal requirements that may apply in the jurisdiction to which such data is transferred.

Arbox is headquartered in Israel, a jurisdiction which is considered by the European Commission, the UK Secretary of State, and the Swiss Federal Data Protection and Information Commissioner (FDPIC), to be offering an adequate level of protection for personal data of individuals residing in EU Member States, the UK and Switzerland, respectively. We transfer data from the European Economic Area (EEA), the UK and Switzerland to Israel on this basis.

Data Security

In order to protect your Personal Information we use industry-standard physical, procedural and technical security measures, including encryption as appropriate. However, please be aware that regardless of any security measures used, we cannot and do not guarantee the absolute protection and security of any personal data stored with us or with any third parties.

Data Controller vs. Data Processor

Certain data protection laws and regulations, such as the GDPR or the Israeli Protection of Privacy Act, typically distinguish between two main roles for parties processing personal data: the “data controller”, who determines the purposes and means of processing; and the “data processor”, who processes such data on behalf of the data controller. Below we explain how these roles apply to our Services, to the extent that such laws and regulations apply.

Arbox Ltd. is the “data controller” of website visitors’ Personal Information and Admin Data, as detailed in Section 1 above. Accordingly, we assume the responsibilities of a data controller (solely to the extent applicable under law), as set forth in this Privacy Policy.

Arbox Ltd. is the “data processor” of Personal Information contained in Customer Data, as submitted or otherwise collected by our Customers and their End Users to their Arbox accounts, and other features avilable to them via the Services. We process such data on behalf of our Customer (who is the “data controller” of such data) and in accordance with its reasonable instructions, subject to our Terms & Conditions, our Data Processing Addendum (to the extent applicable) and other commercial agreements with such Customer.

Our Customers are solely responsible for determining whether and how they wish to use our Services, and for ensuring that all individuals using the Services on the Customer’s behalf or at their request, as well as all individuals whose personal data may be included in Customer Data processed through the Services, have been provided with adequate notice and given informed consent to the processing of their personal data, where such consent is necessary or advised, and that all legal requirements applicable to the collection, use or other processing of data through our Services are fully met by the Customer. Our Customers are also responsible for handling data subject rights requests under applicable law, by their End Users and other individuals whose data they process through the Services.

If you would like to make any requests or queries regarding personal data we process as a data processor on our Customer’s behalf, including accessing, correcting or deleting your data, please contact the relevant Customer directly.

Miscellaneous

1. This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer and any third party operating any third party offering, site or other products and services used in connection with the Services. The inclusion of a link does not imply endorsement of the linked site or service by us or by our affiliates. To know what information is processed by other providers or organizations, please refer to their privacy policies. If you contact us regarding this matter, we will direct you to the relevant privacy policies.
2. We have appointed Prighter as our GDPR (article 27) data protection representative in the European Union and your point of contact. Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website. https://prighter.com/cc/arbox-gdpr-rep
3. DPO: Arbox has appointed privacy veteran Avishai Ostrin as our Data Protection Officer, for monitoring and advising on Arbox.com’s ongoing privacy compliance and serving as a point of contact on privacy matters for data subjects and supervisory authorities. Our DPO may be reached at dpo@arboxapp.com.
4. We reserve the right to change this Privacy Policy from time to time. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address specified in your account or by placing a prominent notice on our site, and by updating any privacy information on this page. Your continued use of the Services after such modifications will constitute your acknowledgment of the modified Privacy Policy. It is your obligation to ensure that you read, understand and freely agree to the latest version of the Privacy Policy.