🛡️ Privacy Policy

1. General Provisions

HolylandCars ("we", "our company", "service") respects the right to privacy and is committed to protecting the personal data of all our clients: citizens of Israel, the European Union, and other countries.

This Privacy Policy describes what personal data we collect, how we use, store, protect, and transfer it in accordance with applicable law.

1.1 Why Does Multiple Legislation Apply?

Our company is registered in Israel, but we serve customers from different countries:

• 🇮🇱 Israeli legislation applies because the company is registered in Israel
• 🇪🇺 GDPR applies because we serve tourists from European Union countries
• 🌍 Laws of other countries may apply depending on the citizenship and location of the client

2. Regulatory Authorities

2.1 Israel 🇮🇱

Privacy Protection Authority (PPA) / Registrar of Databases

• Website: www.gov.il/privacy
• Phone: *3852 (from Israel)
• Address: Ministry of Justice, 29 Salah ad-Din Street, Jerusalem

2.2 European Union 🇪🇺

National Data Protection Authorities in each EU country

• List of authorities: EDPB Members

3. Data Controller

Database Controller / Data Controller:

• Company Name: HolylandCars
• Address: Tel Aviv, Israel
• Email: info@holylandcars.com
• Phone: +972-52-3414669
• DPO / Data Protection Officer: dpo@holylandcars.com

4. What Personal Data We Collect

4.1 Definition of "Personal Data"

Personal data - any information relating to an identified or identifiable natural person, including:

• 🇮🇱 PPL Name, contact details, IP address, identifiers
• 🇪🇺 GDPR Any information about an identifiable person

4.2 Data You Provide Voluntarily

• Contact information: first name, last name, email address, phone number
• Booking information: rental dates, car preferences, pick-up/return location
• Payment information: credit card details (processed through secure payment systems)
• Documents: copy of driver's license, passport (when required)
• Correspondence: messages via feedback forms, email, phone

4.3 Automatically Collected Data

• Technical data: IP address, browser type, operating system, screen resolution
• Behavioral data: pages visited, time on site, referral source
• Cookies and similar technologies: cookies, tracking pixels
• Geolocation: approximate location based on IP address (with your consent)

4.4 Special Categories of Personal Data

We DO NOT collect or process special categories of personal data (sensitive data), including:

• Health data
• Biometric data
• Racial or ethnic origin
• Political opinions, religious or philosophical beliefs
• Trade union membership
• Genetic data
• Sexual orientation
• Criminal conviction information

5. Processing Purposes and Legal Basis

5.1 Personal Data Processing Purposes

We process your personal data only for the following legitimate purposes:

A) Provision of Car Rental Services (primary purpose)

• Processing and fulfilling bookings
• Communicating with customers about rentals
• Processing payments
• Providing customer support
• Managing your account

Legal Basis:

• 🇮🇱 Informed consent + contract performance
• 🇪🇺 Contract performance (Art. 6(1)(b) GDPR)

B) Service Quality Improvement

• Website performance analysis and optimization
• Studying customer preferences
• Developing new features

Legal Basis:

• 🇮🇱 Legitimate interests of the company
• 🇪🇺 Legitimate interests (Art. 6(1)(f) GDPR)

C) Marketing (only with your consent)

• Sending information about special offers
• Company news distribution
• Personalized offers

Legal Basis:

• 🇮🇱 🇪🇺 Explicit consent (you can withdraw at any time)

D) Security and Fraud Prevention

• Preventing fraudulent transactions
• Protection against unauthorized access
• Website security

E) Legal Compliance

• Fulfilling legal obligations (tax reporting, accounting)
• Responding to government authority requests

6. Use of Cookies and Similar Technologies

Our website uses cookies and similar tracking technologies.

6.1 Cookie Categories

Category	Description	Consent
Necessary cookies	Ensure basic website functionality. The site cannot work without them.	Not required (always active)
Functional cookies	Remember your preferences (language, currency).	Explicit consent required
Analytics cookies	Collect statistics (Google Analytics, Yandex.Metrika).	Explicit consent required
Marketing cookies	Used for personalized advertising.	Explicit consent required

6.2 Cookie Management

You can manage cookies through:

• Our cookie consent banner (appears on first visit)
• Your browser settings
• Third-party opt-out tools

6.3 Third-Party Analytics Tools

We use the following analytics services:

• Google Analytics: Website traffic and user behavior analysis
• Yandex.Metrika: Visitor behavior analysis

These services may use cookies and may transfer data to third countries (USA). We have Data Processing Agreements with these providers.

7. Data Sharing and Disclosure

We do not sell or rent your personal data to third parties. We may share your data only in the following cases:

7.1 Service Providers (Data Processors)

We work with trusted third-party service providers:

• Payment processors (credit card payment processing)
• Hosting providers (data storage)
• Email services (sending notifications)
• Analytics platforms (Google Analytics, Yandex.Metrika)
• CRM systems (customer relationship management)

All processors are required to:

• Process data only according to our instructions
• Ensure proper protection
• Have Data Processing Agreements

7.2 Government Authorities

We may disclose data to government authorities:

• Upon court or law enforcement request
• To comply with legislation
• To protect the company's and clients' rights

8. Cross-Border Data Transfer

Our company is located in Israel, but we serve customers from different countries. This means cross-border data transfer.

8.1 For European Union Residents 🇪🇺

Adequacy Decision: The European Commission has recognized that Israel provides an adequate level of personal data protection (Commission Decision 2011/61/EU).

This means that transferring your data to Israel does not require additional safeguards or consent.

8.2 Transfer of Data to Other Countries

Some of our partners may be located in other countries (e.g., USA). In this case, we ensure:

• Use of Standard Contractual Clauses (SCC)
• Partner certification under the Data Privacy Framework (for USA)
• Obtaining your consent for the transfer

9. Personal Data Security

We have implemented a comprehensive set of measures to protect your data in accordance with all applicable laws:

9.1 Technical Measures

• Encryption: SSL/TLS during transmission, encryption at rest
• Firewalls
• Antivirus protection
• Multi-factor authentication for employees
• Regular backups

9.2 Organizational Measures

• Internal security policies
• Staff training on information security basics
• Access limitation on a "need to know" basis
• Confidentiality agreements with employees
• Regular security audits

9.3 Security Breach Notification

In case of a security breach, we are required to:

• 🇮🇱 Immediately notify the Privacy Protection Authority (PPA)
• 🇪🇺 Notify the supervisory authority within 72 hours
• Notify affected individuals if the breach may harm their rights

10. Your Rights Regarding Personal Data

Depending on your citizenship and location, you have the following rights:

10.1 Right of Access to Data

🇮🇱 🇪🇺 All jurisdictions

You have the right to:

• Obtain confirmation whether we process your data
• Receive a copy of your personal data
• Learn about processing purposes and data recipients

Response time:

• 🇮🇱 21 days (PPL)
• 🇪🇺 1 month (GDPR)

10.2 Right to Rectification

🇮🇱 🇪🇺 All jurisdictions

You have the right to request correction of inaccurate, incomplete, or outdated data.

Rectification period: 7 days

10.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your data in the following cases:

• Data is no longer necessary for processing purposes
• You withdraw consent
• Data was processed unlawfully
• Deletion is required to comply with legislation

Limitations: We cannot delete data necessary for:

• Contract performance with you
• Compliance with legal obligations (accounting, taxes)
• Protection of the company's legal interests

10.4 Right to Data Portability

🇪🇺 GDPR only

You have the right to receive your data in a structured, machine-readable format and transfer it to another controller.

10.5 Right to Object to Processing

🇮🇱 🇪🇺

You have the right to object to processing for:

• Marketing purposes - at any time
• Direct marketing - unconditional right to object
• Processing based on legitimate interests

10.6 Right to Restriction of Processing

🇪🇺

You may request restriction of processing in certain cases (contesting data accuracy, unlawful processing, etc.)

10.7 Right to Withdraw Consent

🇮🇱 🇪🇺 All jurisdictions

If processing is based on your consent, you have the right to withdraw consent at any time.

10.8 Right to Lodge a Complaint

If you believe we are violating your rights, you can file a complaint with the appropriate supervisory authority:

• 🇮🇱 Privacy Protection Authority (PPA): Complaint Form
• 🇪🇺 National supervisory authority of your EU country

11. Storage and Deletion of Personal Data

11.1 Data Retention Periods

We store your personal data only for the period necessary to achieve the purposes or in accordance with legal requirements:

Data Type	Retention Period	Basis
Customer contact information	5 years from last transaction	Legitimate interests, statute of limitations
Booking history and financial documents	7 years	Tax legislation (🇮🇱)
Payment data	Not stored	Processed by payment systems
Cookies	Up to 24 months or until consent withdrawal	Consent
Marketing data	Until unsubscribe + 30 days	Consent

11.2 Data Deletion

Upon expiration of retention periods or upon your request, we:

• Permanently delete data from active databases
• Delete data from backups
• Notify third parties of the need to delete

12. Protection of Minors' Data

Our services are intended for persons who have reached 18 years of age.

• 🇪🇺 GDPR: Minimum age of consent - 16 years (may be reduced to 13 years by national law)
• 🇮🇱 PPL: Special requirements for minors

We do not knowingly collect data from minors. If you are a parent and learn that your child has provided us with data, please contact us.

13. Marketing and Direct Marketing

13.1 Email Marketing

We send marketing emails only with your explicit consent.

• Each email contains an unsubscribe link
• We process unsubscribe requests within 48 hours

13.2 "Do Not Call" Registry

🇮🇱 We comply with the Israeli "Do Not Call" registry requirements

13.3 SMS Marketing

We send promotional SMS only with prior consent. You can opt-out by replying "STOP".

14. Changes to the Privacy Policy

We reserve the right to make changes to this Policy. We will notify you of significant changes by:

• Posting a notice on the main page
• Sending an email notification
• Pop-up window on your next visit

The date of the last update is indicated at the beginning of the document.

15. Automated Decision-Making

We do not use automated decision-making or profiling that may significantly affect your rights.

16. Consent to Personal Data Processing

By using our website and providing us with your personal data, you confirm that:

• You have read and understood this Privacy Policy
• You give informed, voluntary, and explicit consent to the collection, processing, storage, and transfer of your personal data
• You understand your rights and know how to exercise them
• You are aware of the processing purposes and categories of recipients
• You consent to cross-border data transfer to Israel