top of page

Privacy Policy 
RubyComm Ltd

Last Updated: August 19, 2025

Type of website: Company Website

www.rubycomm.com (the "Site") is owned and operated by RubyComm Ltd. RubyComm Ltd is the data controller and can be contacted at: dpo@rubycomm.com, 26 Zarchin Street Ra'anana 4366250, Israel

Purpose

The purpose of this privacy policy (this "Privacy Policy") is to inform users of our Site, customers, suppliers, job candidates and our employees of the following:

  • The personal data we will collect

  • Use of collected data

  • Who has access to the data collected

  • The rights of data subjects

  • Our data security and retention practices.

This Privacy Policy applies to our website users, customers, suppliers, job candidates, employees, and all personal data processing activities conducted by RubyComm Ltd.


PIPEDA (Canada)

For users in Canada, we adhere to the Personal Information Protection and Electronic Documents Act (PIPEDA). As a company engaged in commercial activities that may collect, use, or disclose personal information of Canadians, we are committed to following PIPEDA's 10 fair information principles:

  • Accountability: We have appointed a Data Protection Officer responsible for PIPEDA compliance

  • Identifying purposes: We clearly identify purposes for collecting personal information before or at the time of collection

  • Consent: We obtain meaningful consent for collection, use, and disclosure of personal information

  • Limiting collection: We collect only personal information necessary for identified purposes

  • Limiting use, disclosure, and retention: We use information only for stated purposes and retain it only as long as necessary

  • Accuracy: We ensure personal information is accurate, complete, and up-to-date

  • Safeguards: We implement appropriate security measures to protect personal information

  • Openness: We make our privacy policies and practices readily available

  • Individual access: We provide individuals access to their personal information upon request

  • Challenging compliance: We maintain procedures for addressing privacy complaints


GDPR

For users in the European Union, we adhere to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, known as the General Data Protection Regulation (the "GDPR"). For users in the United Kingdom, we adhere to the GDPR as enshrined in the Data Protection Act 2018.


Israeli Privacy Protection Law

For users in Israel, processing of personal data within Israel, and our employees, we adhere to the Israeli Privacy Protection Law (התשמ"א-1981) as amended by Amendment No. 13 (התשפ"ד-2024), effective August 15, 2025, and the Information Security Regulations (התשע"ז-2017). As an Israeli company, we are committed to protecting your personal information in accordance with Israeli privacy legislation and maintaining appropriate security measures as required by Israeli law.

​​

Data Controller Information

 

Our Privacy Protection Officer (PPO) or Data Protection Officer (DPO) is responsible for overseeing compliance with privacy protection regulations, conducting risk assessments, ensuring alignment with Amendment 13, and serving as a key point of contact for data subjects and the Privacy Protection Authority. The PPO operates independently and reports directly to senior management.

 

Database Registration Status

Our databases do not require registration with the Privacy Protection Authority under Amendment No. 13 thresholds. We maintain appropriate data security measures and comply with all applicable privacy requirements regardless of registration status.

Personal Data Definitions Under Israeli Law

Personal Information: Any data relating to an identified or identifiable person, including but not limited to names, identification numbers, location data, online identifiers, biometric identifiers, or details about physical condition, health, economic, social, or cultural status.

Highly Sensitive Information: Private affairs and intimate relationships, sexual orientation, medical and genetic data, political opinions, religious beliefs, criminal records, location/tracking data, biometric identifiers, ethnicity, personality assessments, financial information, and data subject to statutory confidentiality obligations.

Consequences of Not Providing Personal Data

If you choose not to provide requested personal data:

  • Website users, Customer and Suppliers: You may not be able to access certain website features, receive customer support, or use our contact forms

  • Employees: You may not be able to receive employment, payroll processing, performance evaluations, or access to company systems and facilities

Annual Data Review

We conduct annual reviews of all personal data to determine continued necessity. Data that is no longer required for its original purpose is automatically deleted unless retention is required by law.

US State Privacy Laws and International Privacy Rights

For users in US states with applicable privacy laws (including California, Virginia, Colorado, Connecticut, Utah, Texas, Florida, and others), we comply with relevant state privacy requirements where they apply to our operations.

For users in other jurisdictions with applicable privacy laws, we strive to comply with relevant international privacy requirements. US residents and international users may have rights including access to personal information, correction of inaccurate data, deletion of personal information, and opting out of certain data processing activities, subject to applicable law thresholds and exemptions.

If you believe you have rights under applicable privacy laws and would like to exercise them, please contact our Data Protection Officer at dpo@rubycomm.com. We will respond to your request in accordance with applicable law requirements and timelines.

Consent

By using our Site, users agree that they consent to the conditions set out in this Privacy Policy.

When the legal basis for us processing your personal data is that you have provided your consent to that processing, you may withdraw your consent at any time. If you withdraw your consent, it will not make processing which we completed before you withdrew your consent unlawful.

By commencing or continuing employment with RubyComm Ltd, employees consent to the processing of their personal data as described in this Privacy Policy for employment-related purposes.

You can withdraw your consent by contacting the RubyComm Data Protection Officer at dpo@rubycomm.com

 

Legal Basis for Processing

For Canadian users: We collect and process personal information in accordance with PIPEDA's fair information principles and only for purposes that a reasonable person would consider appropriate in the circumstances.

For EU users: We collect and process personal data about users in the EU only when we have a legal basis for doing so under Article 6 of the GDPR.

For Israeli users and employees: We collect and process personal data in accordance with the Israeli Privacy Protection Law and only for legitimate purposes as defined by Israeli privacy legislation. We rely on the following legal bases to collect and process personal data:

  • Users have provided their consent to the processing of their data for specific purposes

  • Processing is necessary for the performance of a contract or taking steps before entering a contract (including employment contracts)

  • Processing is necessary for compliance with legal obligations (including employment law, tax, and regulatory requirements)

  • For employees, consent is primarily relied upon for optional data processing activities or highly intrusive monitoring where consent can be genuinely freely given. For essential employment functions, we primarily rely on contractual necessity and legal obligations.

  • Processing is necessary for legitimate interests pursued by us or third parties (including business operations, security, and fraud prevention)

 

Personal Data We Collect

We only collect data that helps us achieve the purposes set out in this Privacy Policy. We will not collect any additional data beyond the data listed below without notifying you first.

 

Website User Data Collected Automatically

When you visit and use our Site, we may automatically collect and store the following information:

  • IP address (which may be considered personal information under PIPEDA when combined with other automatically collected data)

  • Country

  • Hardware and software details

  • Clicked links

  • Content viewed

Note for Canadian users: IP addresses are considered personal information under PIPEDA, particularly when combined with other automatically collected data. We collect IP addresses for essential website functionality, security monitoring, and analytics purposes only.

 

Employee Data We Collect

For our employees and job candidates, we collect and process the following categories of personal data:

Basic Personal Information:

  • Full name, date of birth, identification numbers

  • Contact information (address, phone, email)

  • Nationality and work authorization status

Employment-Related Information:

  • Employment contract details

  • Job title, department, reporting structure

  • Salary, benefits, and payroll information

  • Performance evaluations and disciplinary records

  • Training records and certifications

  • Time and attendance records

Security and Access Information:

  • Biometric data for access control (with explicit consent)

  • IT system access logs and monitoring data

  • Company device usage monitoring 

Highly Sensitive Employee Information:

  • Medical information for sick leave administration and  travel health insurance 

  • Criminal background check results (where legally required)

 

How We Use Personal Data

Data collected on our Site and from our employees and job candidates will only be used for the purposes specified in this Privacy Policy or indicated on the relevant pages of our Site or in employment documentation.

 

Website User Data Usage

The data we collect automatically is used for the following purposes:

  • Essential website functionality: Enabling proper website operation and user experience

  • Security monitoring: Detecting and preventing unauthorized access or cyber attacks

  • Statistical analysis: Understanding website usage patterns to improve our services

 

Employee Data Usage

Employee personal data is processed for the following employment-related purposes:

  • Employment administration: Hiring, onboarding, payroll, benefits administration

  • Performance management: Evaluations, training, career development

  • Legal compliance: Tax reporting, labor law compliance, regulatory requirements

  • Security and safety: Workplace access control, safety monitoring, incident investigation

  • IT management: System access, monitoring for policy compliance, data security

 

Data Retention and Deletion

Website User Data

User data will be stored until the purpose the data was collected for has been achieved, typically:

  • Session data: Until session ends

  • Analytics data: 62 days or as standardized by our website platform management system

  • Contact form data: 2 years from submission or until consent withdrawal, whichever is sooner

Employee Data

Employee data is retained according to the following schedule:

  • Basic employment records: as required by Israeli law

  • Payroll and tax records: as required by Israeli tax law

  • Performance evaluations: as required by Israeli law

  • Security and access logs: as required by CISO policy

  • Medical records: as required by Israeli law

We conduct annual reviews to identify and delete data that is no longer necessary for its stated purposes.

 

Who We Share Personal Data With

 

Employees

We may disclose user data to any member of our organization who reasonably needs access to user data to achieve the purposes set out in this Privacy Policy.

Employee data is shared with:

  • HR and management personnel / software vendors for employment administration

  • IT personnel for system access and security

  • Payroll processors for salary and tax processing

  • Pension funds, study funds and benefits administrators for salary processing

  • Legal counsel when required for compliance or disputes

  • Travel service providers (for business travel)

 

Third Parties

We may share user data with the following third parties:

  • Google Analytics

We may share the following user data with third parties:

  • Information such as sessions/visitors by traffic source/category, sessions by device and sessions by country

We may share user data with third parties for the following purposes:

  • Traffic analysis for website optimization

Third parties will not be able to access user data beyond what is reasonably necessary to achieve the given purpose.

 

Other Disclosures

We will not sell or share your data with other third parties, except in the following cases:

  • If the law requires it

  • If it is required for any legal proceeding

  • To prove or protect our legal rights

  • To buyers or potential buyers of this company in the event that we seek to sell the company

If you follow hyperlinks from our Site to another Site, please note that we are not responsible for and have no control over their privacy policies and practices.

 

International Data Transfers

When personal data is transferred outside Israel, including to the European Economic Area, United Kingdom, United States, or other jurisdictions, we implement appropriate safeguards including:

  • Standard Contractual Clauses approved by relevant authorities

  • Adequacy decisions by relevant data protection authorities

  • Binding Corporate Rules where applicable

  • Other appropriate safeguards as required by applicable law

For transfers from the EEA, we ensure compliance with GDPR transfer requirements. For transfers to the United States, we rely on adequacy frameworks where available or implement appropriate contractual safeguards.

 

How We Protect Your Personal Data

RubyComm Ltd is ISO 27001:2022 certified and protects its data and information systems accordingly.

 

Security Measures by Data Sensitivity

Standard Personal Data:

  • Encryption of data in transit and at rest using industry-standard protocols

  • Multi-layered access controls and authentication measures

  • Regular security reviews and compliance audits

  • Employee training on data protection and security procedures

  • Network security monitoring and intrusion detection systems

  • Secure data backup and recovery procedures

Additional Measures for Highly Sensitive Information:

  • Multi-factor authentication and privileged access management

  • Restricted access on strict need-to-know basis with audit logging

 

Workplace Monitoring Disclosures

CCTV Surveillance:

  • Cameras are installed and managed by building management in common areas, entrances, and parking areas

  • Recordings are used for security and safety purposes only

  • No cameras in private areas (restrooms, changing rooms)

 

Email and Communication Monitoring:

  • Company email accounts may be monitored for security and compliance

  • Personal use of company systems is discouraged

  • Monitoring is conducted in accordance with Israeli labor law

 

Biometric Access Control:

  • Fingerprint scanners used for facility access (with explicit consent)

  • Alternative access methods available for those who decline

  • Biometric data is encrypted and stored securely

While we take all reasonable precautions to ensure that user data is secure and that users are protected, there always remains the risk of harm. The Internet as a whole can be insecure at times and therefore we are unable to guarantee the security of user data beyond what is reasonably practical.

 

Incident Response Procedures

We maintain comprehensive incident response procedures to detect, manage, and respond to potential security incidents, including:

  • Real-time monitoring and threat detection systems

  • Immediate containment and mitigation measures

  • Forensic analysis and impact assessment

  • Stakeholder notification according to legal requirements

  • Post-incident review and security improvements

 

Your Rights as a Data Subject

 

Under PIPEDA (for Canadian users), you have the following rights:

  • Right to access: You have the right to request information about the personal information we hold about you, including how it's used and to whom it's disclosed

  • Right to correction: You have the right to request correction of inaccurate personal information

  • Right to withdraw consent: You can withdraw your consent for the processing of your personal information at any time

  • Right to challenge compliance: You have the right to challenge our compliance with PIPEDA's fair information principles

 

Under the GDPR (for EU users), you have the following rights:

  • Right to be informed

  • Right of access

  • Right to rectification

  • Right to erasure

  • Right to restrict processing

  • Right to data portability

  • Right to object

 

Under Israeli Privacy Protection Law (for Israeli users and employees), you have the following rights:

  • Right to access: You have the right to review your personal information held by us, including the purposes of processing and recipients of data transfers

  • Right to correct: You have the right to request correction of inaccurate, incomplete, or outdated personal information

  • Right to request deletion: You have the right to request deletion of personal information in certain circumstances, including when data is unclear, incomplete, incorrect, outdated, or used beyond original purposes

  • Right to object: You have the right to object to processing in certain cases, particularly for direct marketing purposes

  • Right to compensation: You may be entitled to statutory damages of up to NIS 10,000 for violations of your access and correction rights, without needing to prove actual damage

 

Exercising Your Rights

To exercise any of these rights, please submit your request through our online form at https://www.rubycomm.com/privacy-complaints or please contact our  Privacy Protection Officer / Data Protection Officer at dpo@rubycomm.com with the following information:

  • Your full name and contact information

  • Specific right you wish to exercise

  • Detailed description of your request

  • Verification of your identity (copy of ID may be required)

  • For employees: employee ID or other identifying information

 

Response Timeframes:

  • Israeli law: 30 days from receipt of verified request

  • GDPR: 30 days (extendable to 60 days for complex requests)

  • PIPEDA: 30 days at minimal or no cost

We will respond to your request without undue delay and provide information about any actions taken. If we cannot fulfill your request, we will explain the reasons and inform you of your right to lodge a complaint with the relevant supervisory authority.

 

Verification Requirements: For security purposes, we may request additional information to verify your identity before processing rights requests, particularly for sensitive requests such as data deletion or access to highly sensitive information.

 

Data Breach Notification

 

For Canadian users:

In accordance with PIPEDA's mandatory breach notification requirements, we will notify the Office of the Privacy Commissioner of Canada and affected individuals of any breach of security safeguards involving personal information that creates a real risk of significant harm to individuals.

 

For Israeli users and employees:

We will immediately notify the Privacy Protection Authority of any severe security incident involving unauthorized use or damage to our databases. If the Authority determines that the incident creates a significant risk to privacy or security, we will also notify affected individuals with:

  • Detailed account of the incident

  • Types of personal data involved

  • Potential consequences and risks

  • Mitigation actions taken

  • Preventive measures implemented

  • Protective advice for affected individuals

  • Contact information for assistance

You may contact us regarding any security incident at: dpo@rubycomm.com

 

Children

We do not knowingly collect or use personal data from children under 16 years of age. If we learn that we have collected personal data from a child under 16 years of age, the personal data will be deleted as soon as possible. If a child under 16 years of age has provided us with personal data their parent or guardian may contact our data protection officer.

 

How to Access, Modify, Delete, or Challenge the Data Collected

For Canadian users under PIPEDA: You have the right to access your personal information held by us. We will respond to written requests within 30 days and provide information at minimal or no cost.

If you would like to know if we have collected your personal data, how we have used your personal data, if we have disclosed your personal data and to whom we disclosed your personal data, if you would like your data to be deleted or modified in any way, or if you would like to exercise any of your other rights under PIPEDA, GDPR, or Israeli Privacy Law, please contact our data protection officer at:

dpo@rubycomm.com

 

How to Opt-Out of Data Collection, Use or Disclosure

In addition to the method(s) described in the How to Access, Modify, Delete, or Challenge the Data Collected section, we provide the following specific opt-out methods for the forms of collection, use, or disclosure of your personal data specified below:

  • Marketing cookies, functional cookies and analytics cookies: You can opt-out by adjusting the Advanced Cookie Settings menu

  • Employee biometric data collection: Alternative access methods are available for facility entry

  • Direct marketing communications: Use unsubscribe links, fill out our online form at  https://www.rubycomm.com/privacy-complaints or contact dpo@rubycomm.com

 

Automated Decision-Making and Profiling

We do not engage in solely automated decision-making or profiling that produces legal effects or significantly affects individuals. If this changes in the future, we will:

  • Update this privacy policy with appropriate notices

  • Provide meaningful information about the logic involved

  • Offer safeguards including the right to human intervention

  • Allow you to express your point of view and contest the decision

  • Obtain explicit consent where required by applicable law

 

Cookie Policy

A cookie is a small file, stored on a user's hard drive by a website. Its purpose is to collect data relating to the user's browsing habits. You can also choose to disable cookies entirely in your internet browser, but this may decrease the quality of your user experience.

We use the following types of cookies on our Site:

  • Essential/Functional cookies: Necessary for website functionality and remembering your selections. These cookies are required for the Site to operate and cannot be switched off

  • Analytical/Performance cookies: Allow us to improve the design and functionality of our Site by collecting data on how you access our Site, content you access, session duration, etc.

  • Marketing/Advertising Cookies: Used to track advertising effectiveness and provide personalized content

  • Third-Party Cookies: Created by external services like Google Analytics

Cookie Consent

Essential cookies are automatically placed as they are necessary for website functionality and security.

Non-essential cookies require your explicit opt-in consent, which you can provide or withdraw at any time through our cookie preference center.

You can manage your cookie preferences by:

  • Using our cookie settings panel (accessible via the cookie banner)

  • Adjusting your browser settings to refuse cookies

  • Opting out of specific tracking services through industry opt-out tools

We respect your choices and will not place non-essential cookies without your consent.

 

Enforcement and Penalties

Non-compliance with applicable privacy laws may result in significant legal, financial, and reputational consequences across multiple jurisdictions where we operate:

 

Israeli Privacy Protection Law (Amendment No. 13)

Administrative fines up to NIS 320,000 (potentially NIS 640,000 in severe cases), with per-individual penalties of NIS 50 for personal data and NIS 100 for highly sensitive data violations. The penalty cap is 5% of annual turnover. Criminal penalties include up to 5 years imprisonment for willful privacy infringement and up to 3 years for database violations. Data subjects may claim statutory damages up to NIS 10,000 without proving actual harm for violations of access and correction rights.

 

European Union GDPR

Administrative fines up to €20 million or 4% of global annual turnover (whichever is higher) for the most serious violations, including unlawful processing, consent violations, or data subject rights breaches. Lower-tier violations may result in fines up to €10 million or 2% of global annual turnover. Additional consequences include corrective orders, processing limitations, data transfer suspensions, and mandatory audits. Data subjects may claim compensation for material and non-material damages.

 

Canada PIPEDA

The Privacy Commissioner of Canada may conduct investigations, issue findings, and make recommendations for compliance. While PIPEDA does not provide for administrative monetary penalties, violation findings can result in reputational damage, Federal Court applications for compliance orders, and potential civil liability. Under Bill C-27 (when enacted), penalties may include fines up to CAD $25 million or 5% of global gross revenue for serious violations.

 

Privacy Principles Compliance

We adhere to internationally recognized privacy principles in all our data processing activities:

Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and in a transparent manner.

Purpose Limitation: We collect personal data for specified, explicit, and legitimate purposes and do not process it in ways incompatible with those purposes.

Data Minimization: We ensure personal data is adequate, relevant, and limited to what is necessary for the purposes of processing.

Accuracy: We take reasonable steps to ensure personal data is accurate and kept up-to-date, and we correct or erase inaccurate data without delay.

Storage Limitation: We retain personal data only as long as necessary for the purposes for which it was processed.

Integrity and Confidentiality: We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage.

Accountability: We are responsible for demonstrating compliance with privacy principles and maintaining appropriate documentation of our processing activities.

 

Modifications

This Privacy Policy may be amended from time to time in order to maintain compliance with the law and to reflect any changes to our data collection process. When we amend this Privacy Policy we will update the "Last Updated" date at the top of this Privacy Policy. We recommend that our users and employees periodically review our Privacy Policy to ensure that they are notified of any updates. If necessary, we may notify users by email of changes to this Privacy Policy.

 

Complaints

If you have any complaints about how we process your personal data, you may submit a complaint directly through our Privacy Complaints Form at https://www.rubycomm.com/privacy-complaints or contact us through the contact methods listed in the Contact Information section so that we can, where possible, resolve the issue.

We will acknowledge receipt of your complaint and aim to respond within 30 days.

If you feel we have not addressed your concern in a satisfactory manner:

  • Canadian users: may contact the Office of the Privacy Commissioner of Canada at 1-800-282-1376 or through their website at www.priv.gc.ca

  • EU users: may contact a supervisory authority

  • Israeli users and employees: may contact the Israeli Privacy Protection Authority at https://www.gov.il/en/pages/public_inquiries_ilita

  • US users: may contact relevant state attorney general offices or consumer protection agencies in states with applicable privacy laws

  • UK users: may contact the Information Commissioner's Office

 

Contact Information

Data Protection Officer: dpo@rubycomm.com
Privacy Complaints: Use our online Privacy Complaints Form (under the website legal section) or email dpo@rubycomm.com

Office of the Privacy Commissioner of Canada (for Canadian users):

  • Address: 30 Victoria Street, Gatineau, Quebec K1A 1H3

  • Phone: 1-800-282-1376 (toll-free) or 819-994-5444

  • Website: www.priv.gc.ca

For rights requests under Israeli Privacy Protection Law:

  • Email: dpo@rubycomm.com

  • Address: 26 Zarchin Street, Ra'anana 4366250, Israel

  • Response timeframe: 30 days from verified request

If you have any questions, concerns or complaints, you can contact our data protection officer at: dpo@rubycomm.com

 

*This Privacy Policy is effective as of the date last updated above and applies to all personal data processing activities of RubyComm Ltd.

bottom of page