Privacy Policy

1. Introduction – Who We Are

  • Studio Naim ("we")
  • Contact email: info@naim.org.il
  • Phone: 035188998

Last updated: August 2025
This page complies with Amendment 13 to the Privacy Protection Law (5741–1981).

2. Personal Information We Collect

We may collect the following types of information:

  • Identifying details such as: name, email, phone, age
  • Digital identifiers such as: IP address, cookies
  • Particularly sensitive information (e.g., health or personal status), but only when explicitly authorized

3. Purposes of Data Use

We use your information for the following purposes: operating the site and providing service; improving user experience and offering personalized content; statistical analysis (non-personal) for improvement and promotion; sending marketing communications — only after explicit opt-in; site security (including preventing intrusion and monitoring suspicious activity).

4. Informed Consent (Opt-in)

Any processing of personal information that is not essential to providing services (such as marketing or analytics) will be carried out only after receiving your explicit consent. You may withdraw consent at any time, and processing will cease immediately.

5. Cookie Management (Cookie Banner / CMP)

The site will display a banner with clear options: "Accept All" / "Reject All", along with categories (essential, analytics, marketing).

Management scripts (such as Google Analytics) will only load after your consent.

You can change your preferences at any time; every choice is saved and recorded (with date, time, and version).

6. Sharing with Third Parties (Processors)

Third-party sharing – Arbox (management system). We use the Arbox platform to manage clients, payments, and studio activity. This is done under a Data Processing Agreement (DPA) between Studio Naim and Arbox, which includes commitments to protect your personal data.

We may share information with third parties such as mailing services, CDN, analytics, or plugins. Any such sharing will only be done upon signing a Data Processing Agreement (DPA) and meeting security requirements. Where international data transfer is required, it will only take place to countries with an adequate level of protection.

7. Your Rights – Access / Correction / Deletion

You have the right to:

  • Access the information held about you
  • Correct inaccurate information
  • Request deletion of information (where applicable) by contacting us by email

8. Information Security

  • TLS protocol (HTTPS), backups, and regular system updates.
  • Strict user permissions, secure passwords, and two-factor authentication (2FA)
  • Where necessary — penetration testing (PenTest) and security scans
  • DPO – michale@naim.org.il

9. Data Retention Period

We retain personal information only as long as it is necessary for the purposes for which it was collected, such as: class management, service and support, statistics, consented mailing, payment processing and documentation (including accounting records).

If you request deletion of your data, we will delete or anonymize it from active systems without unreasonable delay and ensure that relevant data is not used. Copies in system backups without ongoing operational access will be deleted in the next backup cycle or within a reasonable timeframe in accordance with our backup cycles and technical capabilities ("beyond use").

10. Database Registration and Reporting to the Privacy Authority

After review, we determined that we do not meet the conditions for mandatory registration, and therefore there is no obligation to register. Reporting is also not required as we do not hold "particularly sensitive" information at the 100,000-person threshold.

11. Future Updates

This policy may be updated in accordance with changes in legislation or new directives from the Authority. We will make every effort to update this page in all relevant cases.

ווטסאפ