Privacy Policy
ASR-SERVICE
1. General Provisions
1.1. This Privacy Policy governs the collection, storage, processing, transfer, and protection of personal information of users of the website https://asr-service.co.il and ASR-SERVICE online services.
1.2. ASR-SERVICE is an international corporate consulting group integrating specialists and enterprises in Israel, Europe, the USA, and CIS countries, with a focus on innovation, technology, and proprietary software solutions, including socially significant projects.
1.3. We operate in accordance with Israeli law (Privacy Protection Law, 5741–1981 — חוק הגנת הפרטיות; Information Security Regulations, 5777–2017 — תקנות אבטחת מידע תשע״ז–2017) and international standards (GDPR, EU Regulation 2016/679; SCC — Standard Contractual Clauses; relevant ISO/IEC practices). Use of the Website constitutes the user’s informed consent to this Policy.
1.4. Data Controller: ASR-SERVICE.
Contact for requests, complaints, and the exercise of data subject rights: asrservice@gmail.com.
1.5. Database Registration: upon reaching a threshold of 10,000 records and/or processing of sensitive data, the operator registers the database with the Israeli Privacy Protection Authority (רשות להגנת הפרטיות) and complies with applicable requirements.
2. Collected Information
2.1. Personal data voluntarily provided by the user: name, e-mail, phone number, address (if provided), information in application forms and correspondence.
2.2. Technical data: IP address, browser type/version, operating system and device, interface language, session identifiers, cookies/local storage, performance and error data.
2.3. Interaction data: visited pages, clicks, scrolls, time spent on page, referral sources, form results, user settings and preferences.
2.4. Communications: inquiries via support channels (including asrservice@gmail.com), records of interactions, and their outcomes.
2.5. Special categories of data (sensitive information) are collected only with explicit consent and strictly for declared purposes: health data, financial transactions, biometrics, beliefs, or other information requiring enhanced protection.
3. Purposes of Processing
3.1. Provision and improvement of services, fulfillment of contractual obligations, and support of ASR-SERVICE projects in Israel, Europe, the USA, and CIS countries.
3.2. Support and development of proprietary technological solutions and R&D; performance and UX analysis; statistics and internal reporting.
3.3. Information security: prevention of fraud, incidents, and violations; protection of the rights and legitimate interests of ASR-SERVICE (including protection of trademarks and intellectual property).
3.4. Legal obligations: compliance with applicable law, accounting and tax reporting, responses to regulatory inquiries.
3.5. User communications: responses to inquiries, operational notifications; marketing messages are sent only with separate consent and with the option to opt out.
3.6. Personalization of services and content, subject to user settings.
4. Cookies and Similar Technologies
4.1. We use cookies, pixels, and other identifiers for authentication, saving preferences, ensuring security, analytics, and improving the user interface.
4.2. Certain cookies/identifiers may be set by our service providers (hosting, analytics and advertising platforms, payment gateways) strictly to deliver agreed functionalities.
4.3. Cookie management is available in the browser settings; disabling cookies may limit certain website functions.
5. Data Storage and Protection
5.1. All personal data of users is stored on secure servers located in Israel and abroad (EU, USA, CIS countries), with encryption and protection technologies at the level of TLS 1.3 / AES-256.
5.2. Access to information is granted only to authorized employees and contractors bound by confidentiality obligations.
5.3. Security measures include: firewalls, multi-factor authentication, regular security audits, backups, and activity monitoring.
5.4. In the event of a security incident, the operator notifies supervisory authorities and users within the timeframes prescribed by law.
6. International Data Transfers
6.1. User data may be transferred and processed in Israel, Europe, the USA, and CIS countries.
6.2. Cross-border transfers are carried out using protection mechanisms such as Standard Contractual Clauses (SCC), GDPR-compliant agreements, and ISO/IEC standards.
6.3. All ASR-SERVICE partners and contractors are required to ensure a level of personal data protection comparable to Israeli law and international standards.
7. User Rights
7.1. The User has the right to:
– obtain confirmation of the existence of data and access it;
– request correction or updating of information;
– request deletion (“right to be forgotten”) or restriction of processing;
– object to the processing of data for marketing purposes;
– receive a copy of data in a structured electronic format (right to data portability).
7.2. Requests can be submitted via e-mail: asrservice@gmail.com. A response will be provided within 30 days.
7.3. The User has the right to file a complaint with the Israeli Privacy Protection Authority (רשות להגנת הפרטיות) or with EU supervisory authorities.
8. Data Retention Periods
8.1. Data is stored only for as long as necessary for the purposes for which it was collected, or longer if required by law.
8.2. Standard retention periods:
– registration and contractual data — up to 7 years;
– accounting records and payments — in accordance with Israeli tax legislation;
– technical logs — up to 12 months;
– analytical data — up to 24 months (with subsequent anonymization);
– correspondence — up to 3 years after the request is closed.
8.3. After expiration of retention periods, data is either deleted or converted into anonymized form.
9. Data Sharing with Third Parties
9.1. Personal information may be shared with third parties exclusively in the following cases:
– to perform a contract and provide services to the user;
– with the user’s consent;
– upon a lawful request from government authorities or judicial bodies;
– to ASR-SERVICE contractors and partners (payment providers, hosting, analytics, IT support) operating under confidentiality and data protection agreements.
9.2. All partners are required to ensure an adequate level of data protection and to use the information solely within the scope of the services provided.
9.3. Data transfers for research or statistical purposes are permitted only in anonymized form.
10. Marketing and Notifications
10.1. The User may receive from ASR-SERVICE:
– informational updates on the status of orders and applications;
– notifications about changes to services;
– offers regarding new products and services, promotions, and events.
10.2. Marketing communications are sent exclusively with the user’s prior consent.
10.3. The User has the right to unsubscribe from marketing communications at any time via the “Unsubscribe” link or by contacting asrservice@gmail.com.
11. Changes to the Policy
11.1. This Privacy Policy may be updated and supplemented.
11.2. In the event of significant changes, ASR-SERVICE will notify users by posting a notice on the Website and/or sending a message to the user’s contact details (if provided).
11.3. The updated version of the Policy becomes effective upon publication on the Website, unless otherwise specified.
12. Contacts
Data Controller: ASR-SERVICE
Website: https://asr-service.co.il
Email for inquiries: asrservice@gmail.com
Response time to user requests — up to 30 calendar days in accordance with Israeli law and international standards.
13. International Data Transfers
13.1. Users’ personal information may be processed and stored on servers located in Israel, Europe, the USA, and CIS countries.
13.2. All cross-border transfers are carried out in compliance with GDPR mechanisms (including Standard Contractual Clauses, SCC) and Israeli legislation.
13.3. Partners and contractors accessing data outside Israel are required to ensure a level of protection consistent with international ISO/IEC standards and GDPR requirements.
14. Processing of Sensitive Data
14.1. Sensitive data includes information on health, biometric parameters, financial details, political and religious beliefs, ethnic origin, and other categories requiring special protection.
14.2. Such data may be collected and processed only with the user’s explicit consent or in cases provided by law.
14.3. ASR-SERVICE processes sensitive data to the minimum extent necessary, solely for the purpose of providing services, and never uses it for marketing purposes.
14.4. Special protection measures apply to such data: separate encryption, restricted access, and storage only on certified servers.
15. Operator’s Responsibility
15.1. ASR-SERVICE is responsible for complying with Israeli law, international standards, and its own obligations when processing personal data.
15.2. The Company is not liable for actions of third parties who gain access to information due to the user’s own negligence (e.g., password disclosure).
15.3. We are not responsible for the privacy policies of third-party websites that may be linked from our resource.
15.4. In the event of a violation, ASR-SERVICE takes measures to eliminate the breach and prevent its recurrence, as well as notifying the competent authorities and the user.
16. Final Provisions
16.1. This Privacy Policy is an official document of ASR-SERVICE and is binding for all employees, contractors, and partners.
16.2. All matters not regulated by this Policy are governed by the laws of Israel, as well as international acts on personal data protection.
16.3. Any disputes and disagreements shall be resolved in the courts of Israel, unless otherwise provided by international treaties.
16.4. Last updated: September 2025.
Appendix 1
September 2025
Extended Data Protection Provisions
1. Device Identifiers and Logs
1.1. For diagnostics and troubleshooting, the following may be collected:
– device and application identifiers (e.g., Android ID, iOS IDFA/IDFV, device model, OS version);
– network data (IP address, connection type, carrier);
– event logs, crash reports, system module tags;
– attachments provided by the user (photos, videos, screenshots, audio files).
1.2. This data is processed solely for the purposes of diagnostics, support, and improving service quality.
2. Push Notifications and Communications
2.1. Unique notification tokens (e.g., Firebase Cloud Messaging, APNs) are processed to deliver push notifications.
2.2. Users may opt out of push notifications via device settings or the service interface.
2.3. System notifications related to contract execution (e.g., order confirmations) may be sent without separate consent.
3. Third-Party SDKs and Services
3.1. Third-party SDKs and providers are used for service operation.
3.2. SDK categories:
– analytics and statistics (e.g., Google Analytics, Firebase, Yandex.Metrica);
– stability monitoring and logging (e.g., Sentry, Crashlytics, LogRocket);
– marketing and personalization (e.g., Google Ads, Facebook Pixel, Mailchimp, HubSpot);
– payment gateways (e.g., PayPal, Stripe, Max/Isracard, Apple Pay, Google Pay);
– infrastructure and hosting (e.g., AWS, Azure, Google Cloud, Hetzner).
3.3. Each SDK/service is governed by a Data Processing Agreement (DPA) including GDPR/SCC, ISO/IEC, and an obligation to use data solely for its functions.
4. Exceptions Without Consent
Processing without separate consent is permitted in cases of:
– contract performance with the user;
– fulfillment of legal obligations;
– protection of vital interests;
– tasks carried out in the public interest;
– legitimate interests of the operator (without prejudice to data subject rights);
– publication of data by the subject in open access;
– ensuring service security and stability.
5. Privacy Management
5.1. Users have access to a Privacy Center/cookie center to:
– enable/disable analytical and marketing cookies;
– withdraw consent for personal data processing;
– manage push notification and email subscription settings.
5.2. Global Privacy Control (GPC) signals and similar mechanisms are supported.
6. Minors
6.1. Services are not intended for individuals under 16 (or the applicable age of consent under local law).
6.2. Children’s data is not intentionally processed.
6.3. If children’s data is identified as collected without proper consent, such data will be deleted.
7. Automated Decisions and Profiling
7.1. Users are informed of personalization and automated data processing.
7.2. No decisions with legal consequences are made solely based on automated processing.
7.3. Users have the right to object and request human intervention.
8. Controller / Processor / Joint Controller
8.1. In services provided to end-users, the operator acts as a data controller.
8.2. When working with corporate clients, the operator may act as a processor under a Data Processing Agreement (DPA).
8.3. In cases of jointly determined purposes and means of processing, a joint controller regime applies, with transparent allocation of responsibilities.
9. Data Protection Officer (DPO/Privacy Officer)
A designated DPO/Privacy Officer is appointed, and their contact details are published in the policy.
For users in the EU/UK, a representative under Article 27 GDPR may be appointed.
10. Breach Notification
10.1. In the event of a security incident, the operator notifies the supervisory authority within 72 hours (GDPR) and affected data subjects without undue delay.
10.2. Notifications include: nature of the breach, categories of affected data, consequences, and measures taken.
11. Data Retention Matrix
Data Category Retention Period Further Actions
Accounts and contact details account duration + 24 months deletion/pseudonymization
Requests and support tickets up to 36 months after closure deletion/anonymization
Error logs and diagnostics 90–180 days aggregation/deletion
Marketing consents and prefs until withdrawal + 24 months for audit deletion
Payment and accounting data at least 7 years (per tax law) archiving/deletion
Media attachments (photo/video) until case closure + 12 months deletion
Cookies/identifiers up to 30 days or until user withdrawal deletion
12. Logging and Access Control
12.1. All actions involving personal data are recorded in audit logs.
12.2. Access is granted on a least privilege basis (PoLP).
12.3. Roles and access rights are reviewed at least once every 12 months.
13. User Applications and Attachments
13.1. Users are responsible for ensuring that uploaded photos/videos/files do not contain third-party data without consent.
13.2. The operator warns of the risk of excessive data transfer and applies minimization and masking in processing.
14. Disclaimer
All information posted on this website, including texts, photos, videos, images, and other content, is provided for informational purposes only. Any resemblance to actual persons, organizations, or events is purely coincidental and unrelated to specific individuals.
Some materials are created by our company, others are provided by partners and clients, and may also be generated using artificial intelligence technologies. All materials are for demonstration and informational purposes only and cannot be regarded as direct instructions, legal or professional advice.
The company bears no responsibility for the interpretation of posted information, nor for any direct or indirect consequences of its use. By using this website, you confirm your understanding that all content is informational and cannot serve as grounds for claims or demands against the company, its employees, partners, or clients.
