Last Updated: November 4, 2024

1. Introduction

Welcome to the privacy policy of Lubyass LTD ("we," "us," or "our"), the company behind Brilliant, a B2B CRM platform for the events industry, accessible through our website https://brillevent.com. We are committed to protecting the privacy and security of your personal information. This Privacy Policy outlines our practices regarding the collection, use, and safeguarding of data, as well as your rights under Israeli law, including the Privacy Protection Law, 5741-1981 and associated regulations.

2. Information We Collect

To provide our services and enhance user experience, we collect and process the following types of information voluntarily submitted by users:

  • Website Visitors: For those submitting contact forms on our website, we collect:
    • Personal Information: Your name, email address, phone number, and any information you provide in the message field.
  • CRM Users: When you use our Brilliant CRM platform, we collect:
    • Personal and Business Information: Names, email addresses, phone numbers, and other business-related information.
    • Client and Event Data: Details of clients, contacts, events, invoices, income and expenses, relationships, uploaded files, contracts, media (images/videos), products, and pricing.
    • Analytical Data: Device information, location, browser type, and connection details to Google or Microsoft accounts.
  • Payment Information: When users make payments through the Platform, they may provide payment details, such as credit card information, to complete transactions. We do not store credit card numbers or other payment details directly. Payment processing is managed by a secure third-party payment processor.

3. Purpose of Data Collection

We collect data for the following purposes:

  • Service Provision: To enable users to access and fully utilize our CRM services, including event management, client tracking, communication, and financial documentation.
  • Security and Compliance: To ensure data integrity and comply with relevant legal obligations.
  • Improvement of Services: Analytical data helps us to understand user engagement and improve platform functionality and user experience.

4. Legal Basis for Processing

In accordance with Israeli Privacy Protection Law, data is collected and processed based on:

  • Voluntary User Choice: All data is collected voluntarily and is based on users’ choice to enter and store information within the platform.
  • User Consent: By using our platform or website, users consent to data processing as outlined in this policy.
  • Contractual Necessity: Certain data is required to deliver our CRM services effectively.
  • Legal Obligation: Compliance with Israeli law, such as requirements to retain financial records.

5. Data Sharing

We do not share user data with third parties, except:

  • Google Analytics: For analyzing website usage, traffic sources, and improving user experience.
  • Third-Party Payment Processor: Payments made through the Platform are handled by a third-party payment processor, which collects and processes payment details independently and securely. We only receive confirmation of transaction status and do not have access to full payment information.

Lubyass LTD does everything within its power to protect user data and maintain confidentiality; however, we are not liable for the data content, integrity, or safety. Users who choose to enter data into the system do so at their own responsibility and are obliged not to share data outside intended use.

6. User Rights Under Israeli Law

In line with the Privacy Protection Law and best practices for data protection, users have the following rights:

  • Right to Access: Users may view their stored data within the CRM interface.
  • Right to Rectify: Users can modify most of their personal and event-related data through the system.
  • Right to Delete: Users may request deletion of their personal data. Upon such a request:
    • Personal details (such as names and profile images) are removed, while records shared with other parties (e.g., transaction records, documents, chats) are anonymized with an indication of a deleted user profile.
    • Deleted data is retained only as necessary for legal or operational requirements, up to a maximum period of 7 years, after which it is fully removed.
  • Restrictions on Deletion: Some data, including registered email addresses, chats, and certain immutable records, may be retained as required by law or as necessary for business continuity and service integrity.

7. Data Retention

We adhere to legally mandated data retention periods:

  • CRM Platform: User data is retained for a maximum of 7 years to comply with legal and financial record-keeping requirements.
  • Website Data: Contact form submissions are retained for up to 12 months, after which they are deleted unless further engagement or legal obligations require extended storage.

8. Data Security Measures

We take comprehensive measures to protect your data from unauthorized access, disclosure, or misuse:

  • Secure Hosting: Our CRM platform is hosted on Digital Ocean and AWS, utilizing robust firewall protection.
  • Encryption and Access Controls: All data transmissions are encrypted, and secure authentication tokens (JWT) are employed to safeguard user sessions.
  • Monitoring and Prevention: We actively monitor for unauthorized access attempts, block malicious activity, and employ measures to prevent SQL injection attacks and malicious file uploads.
  • External Audits: The system undergoes regular external security audits, and we utilize a CTEM (Cyber Threat Exposure Management) platform for continuous monitoring.

9. Legal Compliance

  • Israeli Data Protection: As required under Israeli law, our data processing activities, particularly with regard to sensitive information, are registered with the Israeli Ministry of Internal Affairs.
  • GDPR Readiness: While primarily governed by Israeli law, we are preparing for GDPR compliance to ensure the security and rights of users in the European Union as we expand.

10. Disclaimer on Intended Use

This platform is intended for business use as a CRM for suppliers, who may have their own suppliers both inside and outside of the platform. Users of this system will enter and manage information related to persons and parties involved in events for business purposes only. The system is designed to handle business-related data, and users should treat all data as business-specific information accordingly.

11. Children’s Privacy

Our services are intended for business purposes and are not directed at individuals under the age of 18. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, regulatory requirements, or other operational needs. We encourage users to review this policy periodically. Any significant changes will be communicated through our website or CRM platform.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us at:

Lubyass LTD
Reading 50, Tel Aviv, Israel
Email: info@brillevent.com

דילוג לתוכן