GDPR Compliance Statement

This GDPR Compliance Statement sits in line with our Privacy Policy, is supplemental and applies to all users within the European Union that are using our services. As such Money Pay Ltd trading as “Claim Justice” of Carlebach 7, Tel Aviv-Yafo, Israel and/or Data Tech BI LTD trading as “Claim Justice” Leysin, Meath Green Lane, Horley, RH6 8HY Surrey, United Kingdom (hereinafter referred to as “Claim Justice”,”we”, “us”, “our”) proceeds with all data processing procedures (e.g., collection, processing and transmission) in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation). Nothing in this Statement is intended to contradict or limit the applicability of the information provided in our Privacy Policy.

The following provides you with an overview of the type of data collected and how it is used and passed on, the security measures we take to protect your data and how you can exercise your rights.

The Controller

The responsible entity according to Art. 24 GDPR is:

Money Pay Ltd trading as “Claim Justice” of Carlebach 7, Tel Aviv-Yafo, Israel and/or Data Tech BI LTD trading as “Claim Justice” Leysin, Meath Green Lane, Horley, RH6 8HY Surrey, United Kingdom.

You may contact us if you:

  • have any questions about this Policy Statement,
  • wish to file a complaint about a possible violation of data protection laws,
  • have any requests related to your rights, and
  • wish to access, correct incomplete, inaccurate, or outdated data.

Please note that deletion of information essential to account management and services may result in termination of services provided to you.

We will make every effort to respond to your requests in the shortest possible time, and always in strict compliance with applicable law. In some cases, requests for deletion may not be honoured immediately, due to a legal obligation.

Your Rights

First of all, we would like to inform you about your rights as a data subject. These rights are standardised in Art. 15 – 22 GDPR. This includes:

  • The right to information (Art. 15 GDPR),
  • The right to erasure (Art. 17 GDPR),
  • The right to rectification (Art. 16 GDPR),
  • The right to data portability (Art. 20 GDPR),
  • The right to restriction of data processing (Art. 18 GDPR),
  • The right to object to data processing (Art. 21 GDPR).

To assert these rights, please contact us. The same applies if you have questions about data processing in our company. You also have the right to lodge a complaint with a data protection supervisory authority.

Legal Bases for Processing

The processing of your personal data may be based on the following legal grounds:

  • Art. 6 (1) lit. a GDPR serves as our legal basis for processing operations where we obtain your consent for a specific processing purpose.
  • Art. 6 (1) lit. b GDPR, insofar as the processing of personal data is necessary for the performance of a contract, e.g., if you purchase a product. The same applies to such processing operations that are necessary for the performance of pre-contractual measures, for example in the case of enquiries about our products or services.
  • Art. 6 (1) lit. c GDPR, insofar as we are subject to a legal obligation that requires the processing of personal data, such as for the fulfilment of tax obligations.
  • Art. 6 (1) lit. d GDPR in the event that vital interests of you or another natural person require the processing of personal data.
  • Art. 6 (1) lit. f GDPR applies on the basis of our legitimate interests, e.g., when using service providers as part of order processing, such as payment service providers or when carrying out statistical surveys and analyses and logging registration procedures. Our interest is directed towards the use of a user-friendly, appealing, and secure presentation as well as optimisation of our website, which serves our business interests as well as meeting your expectations.

Duration of Storage and Routine Deletion of Personal Data

We process and store your personal data only for the period of time required to fulfil the purpose of storage or if this has been provided for, in laws or regulations. After the purpose has ceased to exist or has been fulfilled, your personal data will be deleted or blocked.

In the case of blocking, deletion will take place as soon as legal, statutory, or contractual retention periods do not conflict with this, there is no reason to assume that deletion would impair your interests worthy of protection and deletion would not cause a disproportionately high expense due to the special nature of the storage.

Log Files

The legal basis for this data processing is Article 6 (1) sentence 1 lit. b of the GDPR, as the collection and storage of this data is necessary for the operation of the website in order to ensure the functionality of the website and to deliver the content of our website correctly.

In addition, the data serve us to optimise our website and to ensure the security of our IT systems and the processing is based in this respect on Art. 6 (1) lit. f GDPR. For this reason, the data is stored for a maximum of 7 days as a technical precaution.

We also use this data for the purposes of advertising, market research and to design our services to meet your needs by creating and evaluating user profiles under pseudonyms, but only if you have not exercised your right to object to this use of your data (see information on the right to object under “Your rights”).

Contractual Relationship

In order to establish or implement the contractual relationship with our customers, it is regularly necessary to process the personal master, contract and payment data provided to us. The legal basis for this processing is Art. 6 (1) b) GDPR. We also process customer and prospect data for evaluation and marketing purposes. This processing is carried out on the legal basis of Art. 6 (1) lit. f GDPR and serves our interest in further developing our offer and informing you specifically about WRPSA offers. Further data processing may take place if you have consented (Art. 6 para. 1 letter a) GDPR) or if this serves the fulfilment of a legal obligation (Art. 6 para. 1 letter c) GDPR).

Exercising our rights

Based on Art. 6 para. 1 lit. c and f GDPR, we use and store your personal data and technical information to the extent necessary to prevent or prosecute misuse or other illegal behaviour on our website, e.g., to maintain data security in the event of attacks on our IT systems. This also takes place insofar as we are legally obliged to do so, for example due to official or court orders, and for the exercise of our rights and claims as well as for legal defence.

Enquiries

When contacting us, the personal data transmitted will be stored. This data is processed exclusively for the purpose of answering the enquiry. The legal basis for the processing is Art. 6 (1) lit. f.) GDPR or Art. 6 (1) lit. b) GDPR if the enquiry is aimed at concluding a contract. The data will be deleted when the purpose of the processing no longer applies, e.g., the enquiry has been conclusively answered. You can object to the processing of your personal data at any time by contacting us.

Use of customer data for direct marketing purposes

If you have provided us with your e-mail address when using our Services, we reserve the right to regularly send you e-mail offers for similar services. We do not need to obtain your separate consent for this. In this respect, the data processing is carried out solely on the basis of our legitimate interest Art. 6 (1) lit. f.) GDPR in personalised direct advertising. If you have initially objected to the use of your e-mail address for this purpose, we will not send you any e-mails.

You are entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by notifying the responsible person named at the beginning. After receipt of your objection, the use of your e-mail address for advertising purposes will cease immediately. If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the marketing.

Testimonial

Within the Testimonial, you may be able to display certain personal information, share certain details, engage with others, exchange knowledge and insights, post and view relevant comment. Comment and data are publicly viewable. You have choices about the information on your comment. You don’t have to provide additional information on your comment; however, comment information helps you to get more from our Services. It’s your choice whether to include sensitive information in your comment and to make that sensitive information public. Please do not post or add personal data in your comment that you would not want to be available. The legal basis is consent in accordance with Art. 6 (1) lit. a GDPR.

Cookies

We use cookies on our web sites. Cookies are small text files that are stored on your device and can be read. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. Cookies can contain data that make it possible to recognise the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to a specific person.

We use session cookies and permanent cookies on our web sites. The processing is carried out on the basis of Art. 6 (1) lit. f.) GDPR and in the interest of optimising or enabling user guidance and adapting the presentation of our platform. You can set your browser to inform you about the placement of cookies. This makes the use of cookies transparent for you. You can also delete cookies at any time using the appropriate browser settings and prevent the setting of new cookies. Please note that our web sites may then not be displayed optimally, and some functions may no longer be technically available.

Insofar as you have given your consent to this in accordance with Art. 6 (1) lit. f.) GDPR, we use the following cookies and other technologies from third-party providers on our web site. After the end of the purpose and the end of the use of the respective technology by us, the data collected in this context will be deleted. You can revoke your consent at any time with effect for the future.

Disclosure of personal data to third parties

Your personal data will only be passed on if there is a legal obligation to do so or to service providers and partner companies that have been carefully selected in advance and are contractually obliged to comply with the requirements of data protection law.

a) Disclosure within affiliated companies pursuant to Art. 6 Para. 1 lit. b GDPR

We pass on your personal data for the conclusion and processing of contracts for offers on our website to affiliated companies. This is particularly necessary so that you can use all our offers. If you contact a store or our customer hotline with questions, complaints or returns as well as other complaints, they will also receive access to your order data in order to be able to process your request.

b) Disclosure to service providers according to Art. 6 para. 1 lit. b and f GDPR

For the operation and optimisation of our website and our services and for the processing of contracts, various service companies work for us, e.g., for central IT services or the hosting of our website, for the delivery of services or for the dispatch of newsletters, to whom we pass on the data required for the fulfilment of the task (e.g., name, address).

Some of these companies act for us by way of commissioned processing and may therefore use the data provided exclusively in accordance with our instructions. In this case, we are legally responsible for appropriate data protection precautions at the companies we commission. We therefore agree on specific data security measures with these companies and monitor them regularly.

c) Disclosure to other third parties pursuant to Art. 6 para. 1 lit. c and f GDPR

We will disclose your data to third parties or government agencies within the framework of existing data protection laws if we are legally obliged to do so, e.g., due to official or court orders, or if we are entitled to do so, e.g., because this is necessary for the prosecution of criminal offences or for the exercise and enforcement of our rights and claims.

Data transfer to third countries

As a service provider based in Israel, we take additional measures to ensure an adequate level of data protection for the transfer of personal data in accordance with Art. 44 of the GDPR and thus ensure that the transfer is generally permissible and that the special requirements for a transfer to a third country including India and the USA are met (e.g., by concluding EU standard contracts and additional guarantees, supplementary technical and organisational measures such as encryption or anonymisation).

General technical organisational measures

We have taken a variety of security measures to protect personal information to an appropriate extent and adequately. All information held by us is protected by physical, technical, and procedural measures that limit access to the information to specifically authorised persons in accordance with our Privacy Policy and this Statement.

Our website is behind a software firewall to prevent access from other networks connected to the Internet. In addition, only employees who need the information to perform a specific job are granted access to personally identifiable information. These employees are trained in security and privacy practices and treat your information confidentially.

The transmission of your personal information during an order transaction in the online shop is encrypted using industry standard Secure Socket Layer (“SSL”) technology, (SSL encryption version 3).

Analysis and targeting tools

Google Analytics

Our web site uses Google Analytics to design and improve the web site according to your needs. Google Analytics uses so-called cookies, which are stored on your terminal device, and which enable an analysis of your use of the website. The information generated by the cookie is usually transferred to a Google server in the USA and stored there. We use the extension of IP anonymisation (so-called IP masking) on this website, i.e., your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website operator.

The legal basis for the data processing is Art. 6 para. 1 lit. f) GDPR.

Google’s services also include reports on the effectiveness of our advertising measures (including across devices), on the demographics and interests of our users, as well as functions for the cross-device delivery of online advertising if you are the owner of a Google account and have consented to the personalisation of advertising (“Ads Personalisation”). In this case, the legal basis for data processing is your consent to Google (Art. 6 para. 1 lit. a) GDPR).

You can object to the collection or analysis of your data by Google Analytics by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout.

The data sent by us and linked to cookies, user IDs (e.g., user ID) or advertising IDs are automatically deleted after 14 months.

For more information on the terms of use of Google Analytics, please visit https://www.google.com/analytics/terms/.

Campaign Manager (Formerly Doubleclick by Google)

This web site continues to use Google’s online marketing tool Campaign Manager. Campaign Manager uses cookies to serve ads that are relevant to users, to improve campaign performance reports or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are shown in which browser and can thus prevent them from being shown more than once. In addition, Campaign Manager can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a Campaign Manager ad and later calls up the advertiser’s website with the same browser and buys something there. According to Google, Campaign Manager cookies do not contain any personal information.

Due to the marketing tools used, your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of Campaign Manager, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will store your IP address.

In addition, the Campaign Manager (DoubleClick Floodlight) cookies used allow us to understand whether you take certain actions on our website after you have accessed or clicked on one of our display/video ads on Google or on another platform via Campaign Manager (conversion tracking). Campaign Manager uses this cookie to understand the content you have interacted with on our websites in order to send you targeted advertising later.

You can prevent participation in this tracking process in various ways: a) by adjusting your browser software accordingly, in particular the suppression of third-party cookies will result in you not receiving any third-party ads; b) by deactivating conversion tracking cookies by setting your browser to block cookies from the domain www.googleadservices.com , https://www.google.com/settings/ads , in which case this setting will be deleted when you delete your cookies; c) by deactivating the interest-based ads of the providers that are part of the self-regulatory campaign “About Ads” via the link http://www.aboutads.info/choices , in which case this setting will be deleted when you delete your cookies; d) by permanently deactivating them in your browsers Firefox, Internet Explorer or Google Chrome under the link http://www.google.com/settings/ads/plugin , e) by means of the corresponding cookies setting. We would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

In addition, you can prevent Google from collecting the data generated by the cookies about your use of the websites and the processing of this data by Google by downloading and installing the browser plugin available at https://support.google.com/adsense under “Display settings”, “Extension for Campaign Manager deactivation”.

For more information on Campaign Manager, please visit https://www.google.de/doubleclick and on Google’s data protection in general: https://www.google.de/intl/de/policies/privacy. Alternatively, you can visit the web site of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.

Insofar as personal data is transferred to the USA, an adequate level of data protection is ensured by means of suitable guarantees. For this purpose, EU standard contractual clauses have been concluded with the provider. Copies of these can be obtained from the person responsible or directly from the European Union at the following link: https://eur-lex.europa.eu/legal-content/en/TXT/?qid=1579074030126&uri=CELEX:02010D0087-20161217 .

The legal basis for this is Art. 6 para. 1 p. 1 lit. f) GDPR.

Google Tag Manager

We use Google Tag Manager, a web analytics service provided by Google, Inc. (“Google”). This service allows website tags to be managed via an interface. The Google Tag Manager only implements tags. No cookies are set, and no personal data is collected. The Google Tag Manager triggers other tags that may collect data. The Google Tag Manager does not access this data.

If a deactivation has been made at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager. More information on the Google Tag Manager can be found at the following link: http://www.google.com/tagmanager/use-policy.html .

This service transmits data to the USA. The transmission takes place exclusively on the basis of your consent in accordance with Art. 49 Para. 1 lit. a GDPR. You give your consent by selecting the appropriate option in the consent management tool, which is displayed when you access our site. You can view and adjust your data protection settings here at any time.

The legal basis for this is Art. 6 para. 1 p. 1 lit. f) GDPR.

Facebook Pixel, Facebook Custom Audiences and Facebook Conversion

Within our online offer, the so-called “Facebook Pixel” of the social network Facebook, which is operated by Facebook Inc.

With the help of the Facebook pixel, it is possible for Facebook, on the one hand, to determine you as a visitor to our online offer as a target group for the display of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g., interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not have a harassing effect. With the help of the Facebook pixel, we can further track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).

The processing of data by Facebook takes place within the framework of Facebook’s data usage policy. Accordingly, general information on the display of Facebook ads, in the data use policy of Facebook. Specific information and details about the Facebook Pixel and how it works can be found in Facebook’s help section.

The use of the Facebook Pixel as well as the storage of “conversion cookies” is based on your consent.

Google reCAPTCHA

We use “Google reCAPTCHA” on our websites. The provider is Google Inc. The purpose of reCAPTCHA is to check whether the data input on our websites is made by a human being or by an automated programme, and reCAPTCHA also protects our users from SPAM when using the message function. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place. We have a legitimate interest in protecting our offers from abusive automated spying and our users from SPAM.

Online presences in social media

We maintain online presences on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f. GDPR. We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users who are active there. Unless otherwise stated in this policy, we process the data of users if they communicate with us within the social networks and platforms, e.g., write articles on our online presences or send us messages.

Changes

This Policy Statement and our commitment to protecting the privacy of your personal data can result in changes to this Policy Statement. Please regularly review this policy to keep up to date with any changes.

Queries and Complaints

Any comments or queries on this Policy Statement should be directed to us. If you believe that we have not complied with this Policy Statement or acted otherwise than in accordance with data protection law, then you should notify us.