Privacy Policy

This Privacy Policy (“Policy”) of the private enterprise Allpay (the “Company”) explains the Company’s practices regarding the privacy of users of the Company’s websites and services, and how the Company uses the information provided by users or collected during their use of the websites and services.

This Policy is an integral part of the Allpay Terms of Service (“Agreement”).

Information about you is collected when you use the website or its services. Some of the information personally identifies you, such as your name, address, products and services you have purchased or intended to sell, the means of payment used by you, etc. This is the information you knowingly provide, for example, when registering for services on the website.

Some information does not personally identify you; this is statistical and aggregate information, for example, advertisements you read on the website, the pages you viewed, and the offers and services that interested you.

To the extent that personal information is required when registering for services on the websites or when purchasing products, the Company will only request the information that is directly necessary for the provision of the services or for the purchase.

The use of the information collected will be made in accordance with this Policy or in accordance with applicable law, in order to:

• Allow the use of the various services offered by Allpay.
• Improve the services and content offered.
• Monitor and collect statistics.
• Modify or cancel existing services and content.
• Process purchases of products and services.
• Tailor ads displayed based on your location and websites visited.
• Comply with applicable legal and regulatory requirements regarding privacy and data protection.

The Company will apply the principle of data minimization, collecting and processing only the personal information necessary for these purposes.

The User (as defined in the Agreement) is the owner of the database of personal information collected about their customers and visitors of the website created using the Allpay platform, and is solely responsible for the lawful use of this information. The User will indemnify Allpay for any claim due to non-compliance with privacy laws regarding their customers.

The Company will not transfer your personal information to third parties except in the following cases:

1. If you purchase products or services from third parties offering them through the Allpay platform, these parties will be provided the information needed to complete the purchase.
2. In the event of a legal dispute between you and the Company that requires disclosure of your details.
3. If your actions on the websites are against the law.
4. If a court order requires Allpay to provide your details.
5. If the Company sells or transfers the operation of the website or merges with another entity, provided the new entity accepts the provisions of this Policy.
6. To credit or technological companies PayMe LTD, CAL, MAX, Isracard, and CardCom, as these companies provide technical, legal, and financial services.
7. To Allpay’s business partners and integration platforms (including but not limited to CRM, E-commerce, and other connected platforms) when necessary to provide services, complete a transaction, or enable system integrations.

Allpay shall not be liable for the acts or omissions of third parties once personal information has been lawfully transferred to them, provided that reasonable measures were taken to ensure compliance with privacy laws.

The Company does not store the payment data of the User or the User’s customers. Bank card details are transmitted via a secure connection directly to the payment service provider and are not available to Allpay, except for data needed to verify the transaction (e.g., last 4 digits of the card, transaction number, payer’s name).

The website uses cookies for stable and proper operation, including collecting statistics, verifying details, adapting the site to your preferences, and for security purposes.

Modern browsers allow avoiding cookies. Check your browser’s help section for instructions.

Allpay maintains databases containing fewer than 100,000 individual records and does not operate a credit database as defined by Israeli law.

The Company implements up-to-date security systems and procedures. While these reduce the risks of unauthorized intrusion, they do not provide complete protection. The Company does not guarantee immunity from unauthorized access.

Personal information will be retained only as long as necessary for the purposes collected or as required by law.

The Company is not responsible for unauthorized access, disclosure, loss, or alteration of personal information beyond its reasonable control, including cyberattacks or force majeure events.

Allpay will not allow any third party to process personal information except as stated in this Policy. No transfer will occur unless:

• Allpay assesses the information security risks and finds no significant privacy invasion risk.
• Allpay signs an agreement obligating the subcontractor to maintain confidentiality and comply with privacy laws.
• For integration services, the scope of data provided is strictly limited to what is necessary for that purpose.

Under the Privacy Protection Law, 5741-1981, any person may review the information kept about them in a database and request correction or deletion if incorrect, incomplete, unclear, or outdated. Requests should be sent to info@allpay.co.il.

You may also demand deletion if the Company uses your data for contacting you.

The User is responsible for complying with these rights regarding their own customers on the platform.

Allpay will notify the User of any incident or suspected incident regarding an information security breach in User databases or User personal information, and provide relevant details where possible.

Allpay may process:

• Customer’s full name.
• Social ID number.
• Contact information (address, phone, email).
• Company name, gender, date of birth (where provided).
• Items added to the cart or purchased.
• Behavior on the User’s website.

Permitted uses are limited to providing the services under the Agreement, including storage, transfer, amendment, provision of access, and integration with partners and platforms strictly for operational purposes.