Privacy Policy

DPOas ("DPOas", "we") is an Israeli privacy-compliance consultancy operated as a sole proprietor (עוסק מורשה). This Policy explains how we handle personal data in connection with our website, our business communications, and our engagements, and it is designed to meet the Israeli Privacy Protection Law, 5741-1981 (including Amendment No. 13) and, where it applies, the EU General Data Protection Regulation ("GDPR").

Who we are

DPOas is operated by Yona Schwebel, an Israeli sole proprietor (עוסק מורשה), trading as "DPOas". We are the controller of the personal data covered by this Policy. When we support a client's own privacy program, we may act as a processor on the client's behalf under a separate written agreement. You can reach us at info@dpoas.co.il; please mark privacy requests "Privacy Request".

What we collect and why

We collect only what we need for professional work: identification and business-contact details (name, business email and phone, employer, role), correspondence with you, engagement and billing records, basic website and device data (such as IP, browser, pages visited), and candidate data if you apply for a role. We do not seek special categories of data and ask that you not send them unless we specifically request it.

We use this data to provide our services and run our business — onboarding and serving clients, answering inquiries, managing billing, running our website securely, keeping in touch with contacts for relevant business outreach, sending newsletters or event invites to those who sign up, assessing candidates, and meeting our legal, tax, and professional obligations.

Legal bases

Where the GDPR applies, we rely on: performance of a contract (to serve clients and handle pre-contract inquiries); compliance with legal obligations (tax, accounting, and similar); legitimate interests (to run and develop the business, including B2B outreach, to secure the website, and to defend legal claims); and consent (for newsletters, events, and non-essential cookies). You can withdraw consent at any time without affecting earlier processing. Under Israeli law, our processing is based on consent, necessity for providing the service, and compliance with legal duties.

How we obtain personal data

We collect data directly from you, from the organization you represent, from publicly available professional sources (such as company websites and professional directories) where this supports legitimate business outreach, and from our own service providers and referrers.

Sharing

We do not sell personal data. We share it only with service providers who support our operations (IT, cloud, email, document management, e-signature, and similar), with professional advisors (accountants, auditors, legal counsel), with banks and payment processors, with authorities and courts when required, and — on a confidential basis — with counterparties in any future corporate transaction. Processors act under a written agreement and appropriate confidentiality and security terms.

In particular, when you submit our website contact form, the form data (name, email, optional company name, and your message) is sent directly to a small PHP script hosted on our own web server, which then delivers the message to our info@dpoas.co.il mailbox. No third-party form-relay service is involved. The submission travels over HTTPS, and the data is retained only in our mailbox, subject to the retention period set out in this Policy.

International transfers

We are based in Israel, which the European Commission has recognized as providing an adequate level of data protection. Some of our tools and providers operate outside Israel and the EU/EEA; when data is transferred to a country without an adequacy decision, we rely on appropriate safeguards, such as the European Commission's standard contractual clauses and supplementary measures where relevant. You can request further details at info@dpoas.co.il.

Retention

We keep personal data only for as long as we need it for the purposes described above. As a general guide: engagement records are kept for the duration of the engagement and for seven years afterwards (for professional, tax, and limitation reasons); prospect data for up to three years from the last meaningful interaction; website contact-form submissions for up to twenty-four months; newsletter data until you unsubscribe; candidate data for up to twelve months after the hiring decision; and website logs and analytics typically for up to thirteen months. When data is no longer needed we delete or anonymize it.

Security

We apply technical and organizational measures appropriate to the data and the risk, including access controls, authentication, logging, encryption in transit (and where relevant at rest), backups, supplier reviews, and internal policies on confidentiality and incident response. No system is fully secure, but we take these measures seriously and update them as needed. If a security incident affects personal data and notification is required by law, we will act promptly.

Cookies

Our website uses a limited number of cookies: strictly necessary cookies that run and secure the site, and — where consent applies — basic analytics cookies to understand general usage. We do not use cookies for cross-site tracking, profiling, or targeted advertising. You can manage cookies through your browser and through any preferences tool on the site; disabling some cookies may affect functionality.

Your rights

Depending on the law that applies to you, you may have the rights to access your personal data, to have it corrected, to ask for its deletion, to restrict or object to certain processing (including B2B outreach), to data portability, to withdraw consent where we rely on it, and not to be subject to a decision based solely on automated processing. DPOas does not make such solely automated decisions. To exercise a right, email info@dpoas.co.il with enough detail for us to identify you; we may need to verify your identity and will respond within the time limits set by law (generally one month under the GDPR).

You may also lodge a complaint with the Israeli Privacy Protection Authority or, if the GDPR applies, with the EU/EEA supervisory authority of your country of residence, place of work, or of the alleged issue.

Voluntary provision

You are not required by law to give us personal data. However, without certain information we may not be able to respond, open a matter, or continue an engagement. We will tell you when information is optional or required.

Children

Our services are directed at businesses and professionals. We do not knowingly collect data from anyone under 18.

Changes to this Policy

We may update this Policy from time to time. The current version will always be the one on our website, with the "Last updated" date at the top. For significant changes we will use reasonable means to draw attention to them.

Governing law and contact

This Policy is governed by the laws of the State of Israel, and the competent courts of the Tel Aviv-Yafo district will have exclusive jurisdiction, without prejudice to any mandatory right you have to bring proceedings in your country of residence.

Yona Schwebel, עוסק מורשה · info@dpoas.co.il