Last Updated: May 28, 2023
Covver Ltd. (“Covver”, “we”, “our” or “us”), offers its users (“User”, “you”, or “your”) an online solution for the creation of store-front sites through which users authorized by the Client (as defined below) can purchase custom-designed branded merchandise. (the “Solution”), including via our website(s) available at https://www.covver.io/ and any other website that we operate (each, together with its sub-domains, content and services, a “Website”) which provides information regarding our Solution and allow users certain functionalities pertaining to the Solution. The Website(s) also allow users to receive demonstrations pertaining to Solution. This privacy policy (“Privacy Policy”) governs and is intended to describe our practices regarding the information (including Personal Information as defined below) that we may collect from you when you use or access our Services (as defined below), the ways in which we may use such information, and the choices and rights available to you. Unless otherwise indicated herein the Website(s) and the Solution are collectively referred to as the “Services”.
When you use our Solution, you may do so (i) in your capacity as an employee
or other personnel of a business to which we provide the Services directly
(“Client”), which you represent as an authorized representative,
including an individual identifying as a Client “admin” user who
uses or accesses the Services under Client’s account or on
Client’s behalf (each a “Client User”), or as a user
authorized by Client or the Client User to use the Services (each, an
“End-User”); (ii) visitors of the Website (each, a
“Visitor”); and (iii) all Candidates (as defined below). For the
purposes of this Privacy Policy, unless otherwise indicated, the term
“User” shall refer to Visitors, Candidates, Client Users and
End-Users.
This Privacy Policy supplements and shall be read in conjunction with our
Subscription Terms and our End-User Terms (the Subscription Terms, End-User
Term and this Privacy Policy, shall be collectively referred to herein as the
“Terms”) available at The Subscription Terms, which you accepted prior to accessing and using the Services. This Privacy
Policy may be supplemented by additional privacy statements, terms or notices
provided to you. Capitalized terms which are not defined herein, shall have
the meaning ascribed to them in our Terms.
Consent and Modification. You are not legally obligated to provide us
Personal Information, and you hereby confirm that providing us Personal
Information is at your own free will. By using the Services, you consent
to the terms of this Privacy Policy and to our collection, processing and
sharing of Personal Information for the purposes set forth herein. If you
do not agree to this Privacy Policy, please do not access or otherwise use
the Services. We reserve the right, at our discretion, to change this
Privacy Policy at any time. Such change will be effective ten (10) days
following posting of the revised Privacy Policy on the Website, and your
continued use of the Services thereafter means that you accept those
changes.
What Types of Information Do We Collect:Non-Personal Information:
2.1 “Non-Personal Information” is un-identified and
non-identifiable information pertaining to a User, which may be made
available to us, or collected automatically via your use of the Services
which does not enable us to identify the person from whom it was
collected. This mainly consists of technical and aggregated
non-identifiable, such as the type of operating system you use, type of
browser you use, your screen resolution, your browser and keyboard
language. In addition, we may collect certain behavioral non personal
information regarding your use of the Services, which may include your
session recordings, “click stream” activity, etc.Personal
Information:
2.2 “Personal Information” is information that identifies an
individual or may with reasonable efforts or together with additional
information we have access to, enable the identification of an individual,
or may be of a private or sensitive nature relating to an identified or
identifiable natural person. Identification of an individual also includes
the association of such individual with a persistent identifier such as a
name, an identification number, persistent cookie identifier etc. over the
course of your use of the Services Personal Information we collect about
you may include the following: your full name, IP address, phone number,
email address, shipping addresses, your organization name, Candidates
Information (as defined below) order history, your password, your
department with one of our Clients, the number of coins granted to you and
certain information you may share with us in your own volition when
contacting us via the Services. Personal Information does not include
information that has been anonymized or aggregated and can no longer be
used to identify a specific natural person.
How We Collect Information From You. We receive and/or collect information
from you in the following ways:
3.1 Information we receive when you use the Solution. When you use
our Solution, as a Client User or an End-User we may collect the certain
Personal Information about our Users.
3.2 Covver Account. In order to use our Solution, you will be
required to create an account (“Covver Account”). If you
create a Covver Account, you will be required to provide us with certain
information, such as your name, shipping address email address, phone
number, organization name, as well as a password that you will use for
your Covver Account. In addition, following the setup of your Covver
Account, we may collect information regarding your use of the Covver
Account and Solution.
3.3 “Request a demo” Information. If you send us a
“Request a demo” request, whether by submitting an online form
that we make available or by sending an email to an email address that we
display, you may be required to provide us with certain information such
as your name and email address.
3.4 Through integrations with certain third-party services. We may
collect Personal Information through integrations with third party service
providers.
3.5 Log Files. We may make use of log files. The information inside
the log files includes internet protocol (IP) addresses, type of browser,
Internet Service Provider (ISP), date/time stamp, referring/exit pages,
clicked pages and any other information your browser may send to us. We
may use such information to analyze trends, administer the Services, track
users’ movement around the Services, and gather demographic
information.
3.6 Candidates. We may use a Candidate’s (as defined below)
Candidate Information (as defined below) solely for our internal
recruitment purposes (including for identifying Candidates, evaluating
their applications, making hiring and employment decisions, and contacting
Candidates by phone or in writing).
3.7 Usage Data. We may store certain data and analytics information
in connection with the routine operation of the Solution, including,
performance and usage data, and/or technical, statistical and aggregated
data resulting from the provision of the Services.
Why do we collect and process your Information.
- To provide and operate our Services.
- To be able to deliver and enhance our Services, and to provide Users
with technical assistance and support.
- To provide our Users with personalized Services.
- To respond to a “Contact Us” or an administrative
request (for example, to change you password)
- To send you updates, notices, notifications, newsletters, and
additional information related to the Services if you are a Visitor or a
Candidate, or to the extent authorized by the Client if you are a Client
User or and End-User.
- To create cumulative statistical data and other cumulative
information that is non-personal, with which we and/or our business
partners might make use in order to operate and improve our Services and
offer related products.
- To identify and authenticate your access to the Services (or any
part thereof) which you are authorized to access, including your
Workspace.
- To comply with any applicable rule or regulation and/or response or
defend against legal proceedings versus us or our affiliates.
What are our legal grounds for collecting and processing your Personal
Information.
5.1 With your Consent. We ask for your consent, (which may be given
directly to Covver or through consent obtained via our Client through our
Clients’ authorized representative or authorized user – a
Client User or End-User, respectively), to process your information for
the specific purposes stated in this Privacy Policy.
5.2 Providing the requested Services. We collect Personal Information
to provide you with the Services you use or intend to use, and when
otherwise required to in the performance of a contract with you, or our
Client.
5.3 Legitimate Interests. We process your information for our
legitimate interests while applying appropriate safeguards that protect
your privacy. This means that we process your information for purposes
like detecting, preventing or otherwise addressing fraud, abuse, security,
usability, functionality or technical issues with our Services; protecting
against harm to the rights, property or safety of our Services, our users
or the public as required or permitted by law; enforcing legal claims,
including investigation of potential violations of this Privacy Policy;
and in order to comply and/or fulfil our obligations under applicable
laws, regulation, guidelines, industry standards and contractual
requirements, legal process, subpoena or governmental request.
The Way We Share Personal Information. We may share and/or transfer your
Personal Information in the following ways and for the following
purposes:
6.1 Internally – We may share information with our family
companies, as well as our employees, for the purposes described in this
Privacy Policy and in accordance with Section 5 above. In addition, should
Covver or any of its affiliates undergo any change in control, including
by means of merger, acquisition or purchase of substantially all of its
assets, your information may be shared with the parties involved in such
event under strict security conditions, for the purpose of evaluating such
event and in accordance with the terms of this Privacy Policy. If we
believe that such change in control might materially affect your Personal
Information then stored with us, we will notify you of this event and the
choices you may have, through prominent notice on our Services.
6.2 Protecting Our Rights and Safety – We may share your
information to enforce this Privacy Policy and/or the Terms of Use,
including investigation of potential violations thereof; to detect,
prevent, or otherwise address fraud, security or technical issues; or
otherwise, if we believe in good faith that this will help protect the
rights, property or personal safety of any of our users, or any member of
the general public.
6.3 Third Parties & Business Partners – When using our
Solution as a Client User, or as an End-User we will share your Personal
Information with the applicable Client with which you are affiliated
(i.e., on behalf of whom we process your information). We may also share
your information with a number of selected service providers, whose
Services and solutions are required or otherwise facilitate achievement of
the purposes of processing set forth under Section 4 above. These third
parties serve in facilitating and enhancing our Services and related
Services, namely, to allow cloud hosting Services (e.g. AWS, Google
Cloud), to facilitate the provision of our Solution (e.g. Shopify and
Print on Demand providers) for analytics purposes (e.g., Google Analytics,
LogRocket), to monitor our Services (e.g. Auth0, Sentry) and process
payments within the Services (e.g., Shopify Payments, Stripe). Our
third-party service providers act as our sub-processors and may only
process your information according to our instructions (which are given in
accordance with the terms hereof). We remain responsible for any
processing of your information done by such third-party service providers
on our behalf not in accordance with the terms hereof, except for events
outside of such service providers’ reasonable control.
6.4 Law Enforcement – We may cooperate with government and law
enforcement officials to enforce and comply with the law. We may therefore
disclose any information to government or law enforcement officials as we
believe necessary or appropriate to respond to claims and legal process
(including but not limited to subpoenas), to protect our or a third
party’s property and legal rights, to protect the safety of the
public or any person, or to prevent or stop any activity we may consider
to be, or to pose a risk of being, illegal, unethical, inappropriate or
legally actionable.
Where do you transfer or store my Personal Information.
Your information may be transferred to, maintained, processed and stored
by us and our authorized affiliates and service providers in the EU.
Please note that Israeli data and privacy laws may not be as comprehensive
as those in your country of residence. Residents of certain countries may
be subject to additional protections, as set forth below. Where Covver
processes Personal Information on behalf of a Client, including without
limitation, Personal Information of a Client User or and End-User, such
Personal Information will be processed in the locations as permitted and
required by the Client.
GDPR (EEA Users): This section applies only to natural persons residing in
the European Economic Area (for the purpose of this section only,
“you” or “your” shall be limited accordingly). It
is Covver’s policy to comply with the EEA’s General Data
Protection Regulation (“GDPR”). In accordance with the GDPR,
we may transfer your Personal Information from your home country to
Israel, the U.S. and/or other countries, provided that the transferee has
provided appropriate safeguards, and on condition that enforceable data
subject rights and effective legal remedies for data subjects are
available. Specifically, we may cause such transfer if we ensured that at
least one of the following applies:
- The country to which Personal Information has been transferred, has
been determined by the EU Commission to be a country providing adequate
protection to the privacy rights of EU residents.
- Application of Standard Contractual Clauses (also known as
“Model Clauses”) where appropriate.
You have additional rights regarding your Personal Information under the
GDPR, please refer to Section 8 below.
Your Rights.
If applicable to you under your country’s jurisdiction, you may have
certain rights in connection with your Personal Information and how we
handle it. You can exercise your rights at any time by contacting us via
any of the methods set out below, and in the case of Client Users or
End-Users, subject to and as set out in Section 21 below. Those
rights may include, but are not limited to, the following:
- Right of access. You may have a right to know what information we
hold about you and, in some cases, to have the information communicated to
you. We reserve the right to ask for reasonable evidence to verify your
identity before we provide you with any information.
- Right to correct Personal Information. We endeavor to keep the
information that we hold about you accurate and up to date. Should you
realize that any of the information that we hold about you is incorrect,
please let us know and we will correct it as soon as we can.
- Data deletion. In some circumstances you have a right to request
that some portions of the Personal Information that we hold about you be
deleted or otherwise anonymized.
- Data portability. In some circumstances, you may have the right to
request that data which you have provided to us is provided to you, so you
can transfer this to another data controller.
- Restriction of processing. In some cases, you may have the right to
request a restriction of the processing of your Personal Information, such
as when you are disputing the accuracy of your information held by us.
Cookies and Other Tracking Technologies. Our Services may utilize
“cookies”, anonymous identifiers and other tracking
technologies in order to for us to provide our Services and present you
with information that is customized for you. A “cookie” is a
small text file that may be used, for example, to collect information
about activity on the Services. Certain cookies and other technologies may
serve to recall Personal Information, such as an IP address, previously
indicated by a user. Most browsers allow you to control cookies, including
whether or not to accept them and how to remove them. You may set most
browsers to notify you if you receive a cookie, or you may choose to block
cookies with your browser.
9.1 Google Analytics and Google Ads. We may use analytics services
used by Google Analytics. (“Google Analytics”) and Google Ads.
For more information about Google Analytics and Google Ads, please see the
Google privacy policy available at https://policies.google.com/technologies/partner-sites.
9.2 Fullstory. We may use an analytics tool offered by Fullstory,
Inc. (“Fullstory”). For more information about Fullstory and
how to opt out of Fullstory’s collection and processing of data,
please see the Fullstory privacy policy available at https://www.fullstory.com/legal/privacy-policy/
9.3 Coralogix. We may use an analytics tool offered by Coralogix Ltd.
(“Coralogix”). For more information about Coralogix and how to
opt out of Coralogix’s collection and processing of data, please see
the Coralogix privacy policy available at https://coralogix.com/privacy-policy/
9.4 Auth0. We may use an encryption tool offered by Auth0 Inc.
(“Auth0”). For more information about Auth0 and how to opt out
of Auth0’s collection and processing of data, please see the Auth0
privacy policy available at https://auth0.com/privacy
9.5 Shopify. We may use a platform offered by Shopify Commerce
Singapore Pte. Ltd. (“Shopify”). For more information about
Auth0 and how to opt out of Shopify’s collection and processing of
data, please see the Shopify privacy policy available at https://www.shopify.com/legal/privacy.
9.6 Linkedin. We may use a service offered by Linkedin.
(“Linkedin”). For more information about Linkedin and how to
opt out of Linkedin’s collection and processing of data, please see
the Linkedin privacy policy available at https://www.linkedin.com/legal/privacy-policy
9.7 Sentry. We may use a service offered by Sentry Inc.
(“Sentry”). For more information about Sentry and how to opt
out of Sentry’s collection and processing of data, please see the
Sentry privacy policy available at https://sentry.io/privacy/
9.8 Flatfile. We may use a service offered by Flatfile Inc.
(“Flatfile”). For more information about Flatfile and how to
opt out of Flatfile’s collection and processing of data, please see
the Flatfile privacy policy available at https://flatfile.com/privacy/
9.9 Builde.io. We may use a service offered by Builder.io.
(“Builder.io”). For more information about Builder.io and how
to opt out of Builder.io’s collection and processing of data, please
see the Builde.io privacy policy available at https://builder.io/docs/privacy
9.10 ZoomInfo. We may use a service offered by ZoomInfo.
(“ZoomInfo”). For more information about ZoomInfo and how to
opt out of ZoomInfo’s collection and processing of data, please see
the ZoomInfo privacy policy available at https://www.zoominfo.com/about-zoominfo/privacy-policy
Use of Anonymous Information. We may use Anonymous Information (as defined
below) or disclose it to third party service providers in order to improve
our Services and enhance your experience with the Services. We may also
disclose Anonymous Information (with or without compensation) to third
parties, including advertisers and partners. “Anonymous
Information” means information which does not enable identification
of an individual user, such as aggregated information about the use of our
Services.
Opting Out. You may choose not to receive future promotional, advertising,
or other Services-related emails from us by selecting an unsubscribe link
at the bottom of each email that we send. Please note that even if you opt
out of receiving the foregoing emails, we may still send you a response to
any “Request a demo” request as well as administrative emails
(for example, in connection with a password reset request) that are
necessary to facilitate your use of the Services.
Data Retention. We will retain your Personal Information only for as long
as necessary to achieve the purposes for collection and processing set
forth above. Retention periods will be determined taking into account the
type of information that is collected and the purpose for which it is
collected, bearing in mind the requirements applicable to the situation
and the need to destroy outdated, unused information at the earliest
reasonable time. If you withdraw your consent to our processing your
Personal Information, we will delete your Personal Information from our
systems (except to the extent retaining such data in whole or in part is
necessary to comply with any applicable rule or regulation and/or to
respond to or defend against legal proceedings brought against us or our
affiliates), except where we process your information as a processor on
behalf of our Client (such as your employer or other entity with which you
are affiliated in connection with the use of our Services) in which case
data retention is subject to such Client’s instructions, as further
described in Section 21 below.
Choice. At all times, you may choose whether or not to provide or disclose
Personal Information. If you choose not to provide mandatory Personal
Information, you may still visit parts of the Services but you may be
unable to access certain options, programs, offers, and services that
involve our interaction with you.
Access/Accuracy. To the extent that you do provide us with Personal
Information, we wish to maintain accurate Personal Information. If you
would like to delete or correct any of your other Personal Information
that we may be storing, you may use the tools that we make available on
the Services or you may submit an access request by sending an email
to support@covverme.com.
Your email should include adequate details of your request.
Links to and Interaction with Third Party Products. The Services may
enable you to interact with or contain links to third party websites,
mobile software applications and services that are not owned or controlled
by us (each, a “Third Party Service”). We are not responsible
for the privacy practices or the content of such Third Party Services.
Please be aware that Third Party Services may collect Personal Information
from you. Accordingly, we encourage you to read the terms and conditions
and privacy policy of each Third Party Service that you choose to use or
interact with.
Children’s Privacy. The Services are not intended for users under
the age of 18 years. If we learn that we have collected Personal
Information from a user under 18 years, we will delete that information as
quickly as possible. If you believe that we might have any such
information, please contact us at support@covver.io.
Candidates. We welcome qualified candidates (“Candidate(s)”)
to apply to any of the open positions posted at our Services or via our
dedicated third-party social media pages (e.g. LinkedIn) by sending us
your CV or Resume and any other information you may choose to share with
us (“Candidate Information”). Since privacy and discreetness
are very important to our Candidates, we are committed to keep Candidate
Information private and will use it solely for our internal recruitment
purposes.
Please note that we may retain Candidate Information submitted to us even
after the applied position has been filled or closed. This is done so we
could re-consider Candidates for other suitable positions and
opportunities at Covver; so, we could can use the Candidate Information as
a reference for future applications; and in case the Candidate is hired,
for additional employment and business purposes related to their
employment with us.
If you previously submitted your Candidate Information to us, and now wish
to access it, update it or have it deleted from our systems, please
contact us at support@covver.io.
Security. The security of Personal Information is important to us. We
follow generally accepted industry standards, including the use of
appropriate administrative, physical and technical safeguards, to protect
the Personal Information submitted to us. However, no method of
transmission over the Internet, or method of electronic storage, is 100%
secure. Therefore, while we strive to use reasonable acceptable means to
protect your Personal Information, we cannot guarantee its absolute
security or confidentiality. If you have any questions about security on
the Services, you can contact us at support@covver.io.
Our California Do Not Track Notice.
We do not track consumers over time and across third party websites and
therefore do not respond to Do Not Track signals. We do not allow third
parties to collect personally identifiable information about an individual
consumer’s online activities over time and across different web
sites when a consumer uses the Services.
Commitment. We are committed to protecting your privacy. Protecting your
privacy online is an evolving area, and we are constantly evolving our
Services to meet these demands. If you have any comments or questions
regarding our Privacy Policy, or your Personal Information that we may be
storing and using, please contact us at support@covver.io.
Data Controller / Processor. Under various privacy, data protection or
similar laws, regulations, or additional legal frameworks, such as
Regulation (EU) 2016/679 (the “GDPR”) or the California
Consumer Privacy Act of 2018 (the “CCPA”), two distinguished
main roles for parties processing Personal Information typically apply:
the “data controller” (or under the CCPA, a
“business”), who determines the purposes and means of
processing; and the “data processor” (or under the CCPA, a
“service provider”), who processes such data on behalf of the
data controller (or business). Below we provide additional information on
how these roles apply to our Services, where such laws and regulations
apply.
Covver is the “data controller” of its Visitors’ and
Candidates’ Personal Information, as detailed above. Accordingly, we
assume the responsibilities of a data controller (solely to the extent
applicable under law), as set forth in this Privacy Policy.
Covver is the “data processor” of its End-Users and Client
Users’ Personal Information, as submitted or otherwise provided to
us by our Client and/or Client Users and/or End-Users. We process such
data on behalf of our Client (who in turn is the “data
controller” of such data) and in accordance with its reasonable
instructions, and our commercial agreements with such Client.
Our Clients are solely responsible for determining whether and how they
wish to use our Services, and for ensuring that all individuals using the
Services on the Client’s behalf or at their request, as well as all
individuals whose personal data may be included in any Personal
Information processed through the Services, have been provided with
adequate notice and given informed consent to the processing of their
Personal Information, where such consent is necessary or advised, and that
all legal requirements applicable to the collection, use or other
processing of data through our Services are fully met by the Client. Our
Clients are also responsible for handling data subject rights requests
under applicable law, by their Client Users and other individuals whose
data they process through the Services (and accordingly, if you are a
Client User or other individual whose Personal Information was provided to
us in connection with Client’s use of the Services, Covver does not
provide to you the rights set forth in Section 8 above).
If you would like to make any requests or queries regarding Personal
Information we process as a data processor on our Client’s behalf,
including accessing, correcting, or deleting your data, please contact the
Client and/or an applicable Client User directly.