· The Site “doctor-sea.com”- herein “the Site” acts the company which markets beauty products and cosmetics from the Dead Sea.
· The Site offers online shoppers from all over the world the opportunity to purchase a variety of products, and in addition, to access the data base of articles.
· The Site is owned by “D.S.P. Doctor Sea Cosmetics Ltd” located in Yoseff Levi 8/11, Naharia, Israel
· Terms and conditions are written in the masculine for linguistic convenience only, but apply equally to men and women.
· By using the Site you accept these Conditions of Use. If you do not agree with all of these Conditions of Use, do not use the Site. Use of the Site is expressly conditioned upon your assent to all these Conditions of Use. You and/or anyone acting on your behalf will have not have any claims or demands against the owners of the site and/or its operators and/or anyone on their behalf, with the exception of claims related to a breach of agreement made by the owners of the site and/or the operations, according to the Conditions of Use set out in this document.
· In this agreement the following terms will be used; their definitions are as follows: “Information”- any material and/or information exhibited in the site in any media, including, among others, words, symbols, logos, graphic designs, buttons, icons, pictures, drawings, layouts, and illustrations including way in which the information design is designed, as mentioned protected under international copyright laws.
· “User/customer”- any person entering the site and/or using its services and/or information and/or purchasing products.
· The pictures and sizes shown in the site are for illustration only; only the size and weight detailed in the text is legally binding.
· In the case of typographical errors in the site, or in the descriptions of the products/services, its price, or the picture of the product/service or any other material, the owners of the site reserve the right to cancel the specific purchase.
· The site may be used for purchasing products and receiving information only. No other use of information is permitted, for any purpose.
DATA PROCESSING AGREEMENT
This Data Processing Agreement ("DPA") is formed between "doctor-sea.com" and their users. This DPA is part of "doctor-sea.com" Terms of Service Agreement ("TOS") and is incorporated by reference herein.
1. Definitions "Affiliate" means an entity that directly or indirectly Controls, is Controlled by, or is under common Control with an entity. "Controller" means the natural or legal person, public authority, agency, or any other body which alone or jointly with others determines the purposes and means of the Processing of personal data. "Customer Data" means any Personal Data that "doctor-sea.com" Processes on behalf of the Customer as a Data Processor in the course of providing its Services. "Data Breach" means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, damage, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise Processed. "Data Protection Laws" means all data protection and privacy "EEA" means, for the purposes of this DPA, the European Economic Area, United Kingdom, and Switzerland. "GDPR" means the Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation). "Personal Data" means any information relating to an identified or identifiable natural person. "Privacy Shield" means the EU-U.S. Privacy Shield Framework and SwissU.S. Privacy Shield Framework self-certification program operated by the U.S. Department of Commerce and approved by the European Commission pursuant to Decision C(2016)4176 of July 12, 2016, and by the Swiss Federal Council on January 11, 2017. "Process," "Processed," "Processes," and "Processing" means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction. "Processor" means a natural or legal person, public authority, agency, or any other body which Processes Personal Data on behalf of the controller. "Services" means any product or service provided by "doctor-sea.com" pursuant to "doctor-sea.com" Terms of Service Agreement ("TOS"). "Subprocessor" means any third-party Processor engaged by "doctor-sea.com". "TOS" means "doctor-sea.com" Terms of Service Agreement which governs the provision of Services to Customer.
2. Applicability of this DPA a. This DPA applies to EU/EEA Customers Processing personal data on behalf of EU/EEA Data Subjects.
3. Roles of Parties a. Customer is the Controller, "doctor-sea.com" is the Processor, and "doctor-sea.com" engages Subprocessors according to the terms of this DPA.
4. Customer's Processing of Personal Data a. Customer is responsible for the control of Personal Data and will remain the Controller for purposes of "doctor-sea.com" Services, the TOS, and DPA. Customer is responsible for complying with its obligations as Controller, in particular for justification of any transmission of Personal Data to "doctor-sea.com" (including providing any required notices and obtaining any required consents), and for its decisions and actions concerning the Processing and use of Customer Data. b. Except as provided in this DPA, Customer is responsible for its secure use of the Services, including securing its account authentication credentials, protecting the security of Customer Data when in transit to and from the Services, and taking all appropriate steps to securely encrypt and/or backup all Customer Data uploaded to the Services.
5. "doctor-sea.com" Processing of Personal Data
a. "doctor-sea.com" shall Process Customer Data only for Data and Processing outside the scope of these instructions shall require prior written agreement by "doctor-sea.com" and Customer.
"doctor-sea.com" will not respond to the request directly without Customer's prior authorization, unless legally compelled to do so. If "iminerals.co.il" is required to respond to a request, "doctor-sea.com" will promptly notify Customer and provide it with a copy of the request unless legally prohibited from doing so. b. If a law enforcement agency sends "doctor-sea.com" a demand for Customer Data for example, through a subpoena or court order, "iminerals.co.il" will attempt to redirect the law enforcement agency to request that data directly from Customer. As part of this effort, "doctor-sea.com" may provide Customer's basic contact information to the law enforcement agency. If compelled to disclose Customer Data to a law enforcement agency, "iminerals.co.il" will give Customer reasonable notice of the demand to allow Customer to seek a protective order or other appropriate remedy unless "iminerals.co.il" is legally prohibited from doing so. c. To the extent "iminerals.co.il" is required by law, "iminerals.co.il" will, at Customer's expense, provide reasonably requested information regarding the Services to enable Customer to carry out data protection impact assessments or prior consultations with data protection authorities as required by Data Protection Laws. 8. Subprocessors a. Customer agrees that "iminerals.co.il" may engage Subprocessors to Process Customer Data on Customer's behalf in connection with "iminerals.co.il" provision of its Services. b. "iminerals.co.il" shall enter into an agreement with Subprocessors imposing data protection obligations that require Subprocessors to protect Customer Data to the standard required by Privacy Shield and Data Protection Laws. c. "iminerals.co.il" is responsible for its compliance with this DPA and for any acts or omissions of its Subprocessors that cause "iminerals.co.il" to breach any of its obligations under this DPA. d. Customer may request that "iminerals.co.il" provide information related to Subprocessors' implementation of the data protection obligations required by Privacy Shield and Data Protection Laws, including relevant terms of "iminerals.co.il" agreement with Subprocessors. If the agreement contains confidential information, "iminerals.co.il" may provide a redacted version. 9. Changes to Subprocessors a. "iminerals.co.il" maintains a list of Subprocessors that Process Personal Data of its Customers and will provide a copy of that list to Customer upon request. If Customer has requested a list of "iminerals.co.il" Subprocessors, "iminerals.co.il" will notify Customer via email if it adds Subprocessors at least ten (10) days prior to any such changes. b. Customer may object in writing to "iminerals.co.il" addition of a new Subprocessor within five (5) business days of such notice, provided that such objection is based on reasonable grounds relating to Data Protection Laws. In such event, "iminerals.co.il" and Customer shall discuss such concerns in a good faith effort to achieve resolution. If resolution is impossible, Customer may terminate the TOS by providing written notice to "iminerals.co.il".
"iminerals.co.il" will return any prepaid but unused Customer fees for the period following the effective date of termination. 10. "iminerals.co.il" Personnel a. "iminerals.co.il" shall ensure that any person authorized to Process Personal Data is informed of the confidential nature of Personal Data and has executed written confidentiality agreements. 11. Return or Deletion of Customer Data a. Upon termination or expiration of the TOS, "iminerals.co.il" shall, at Customer's request, delete or return to Customer all Customer Data in its possession or control except: I. Customer Data that "iminerals.co.il" is required by law to retain; and II. Customer Data archived on back-up systems which "iminerals.co.il" will securely isolate and protect from any further Processing, except to the extent required by law. b. Customer is responsible for any costs arising from the return or deletion of Customer Data after the termination or expiration of the TOS. 12. Security a. "iminerals.co.il" shall maintain appropriate technical and organizational measures for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Customer Data), confidentiality, and integrity of Customer Data. "iminerals.co.il" regularly monitors compliance with these measures. "iminerals.co.il" Security Policy will be updated from time to time in accordance with this DPA. b. Customer agrees it is responsible for reviewing the information made available by "iminerals.co.il" relating to its data security and making an independent determination as to whether the Services meet Customer's requirements and legal obligations under Privacy Shield and/or Data Protection Laws. c. Upon Customer's written request not more than once per year, and subject to the confidentiality obligations set forth in the TOS and DPA, "iminerals.co.il" shall make available to Customer that is not a competitor of "iminerals.co.il", information necessary to confirm "iminerals.co.il" compliance with its Security Policy and this DPA. 13. Data Breach Response a. Upon becoming aware of a Data Breach, "iminerals.co.il" will notify Customer without undue delay and provide timely information relating to the Data Breach as it becomes known or as is reasonably requested by Customer. The obligations herein shall not apply to incidents that are caused by Customer or Customer's Users. 14. International Transfers a. If "iminerals.co.il" Processes any Customer Data protected by Data Protection Laws under the TOS and DPA and/or that originates from the EEA, in a country that has not been designated by the European Commission, or Swiss Federal Data Protection Authority (as applicable) as providing an adequate level of protection for Personal Data, the parties agree that "iminerals.co.il" shall be deemed to provide adequate protection (within the meaning of GDPR) for any such Customer Data by having self-certified its compliance with Privacy Shield. b. The parties agree that the international data transfer solution identified in Section 13(a) shall not apply if and to the extent that "iminerals.co.il" adopts an alternative data export solution for the lawful transfer of Personal Data (as recognized by GDPR) outside of the EEA, in which event, the alternative data export solution shall apply instead, but only to the extent that the alternative data export solutions extends to the regions to which Personal Data is transferred. 15. Miscellaneous a. "iminerals.co.il" and Customer agree that this DPA replaces any existing DPA the parties may have previously entered into in connection with the Services. b. Except for the changes made by this DPA, the TOS remains unchanged and in full force and effect. If there is any conflict between this DPA and the TOS, the relevant terms of this DPA take precedence. c. Any claims brought under or in connection with this DPA are subject to the terms and conditions, including but not limited to, the exclusions and limitations set forth in the TOS. d. No one other than a party to this DPA, its successors, and permitted assignees have any right to enforce any of its terms. e. Any claims against "iminerals.co.il" or its Affiliates under this DPA shall be brought solely against the entity that is a party to the DPA. In no event shall any party limit its liability with respect to any individual's data protection rights under this DPA or otherwise. Customer further agrees that any regulatory penalties incurred by "iminerals.co.il" in relation to the Customer Data that arise as a result of, or in connection with, Customer's failure to comply with its obligations under this DPA or any applicable Data Protection Laws shall count toward and reduce "iminerals.co.il" liability under the DPA as if it were liability to the Customer under the DPA. f. This DPA shall be governed by and construed in accordance with governing law and jurisdiction provisions in the TOS, unless required otherwise by applicable Data Protection Laws.
You have the right to be forgotten
Incase you would like us to erase your personal data - Please inform us by sending the word "Erase" to firstname.lastname@example.org