Privacy Policy

Last Updated: May 28, 2023
 

Covver Ltd. (“Covver”, “we”, “our” or “us”), offers its users (“User”, “you”, or “your”) an online solution for the creation of store-front sites through which users authorized by the Client (as defined below) can purchase custom-designed branded merchandise. (the “Solution”), including via our website(s) available at https://www.covver.io/ and any other website that we operate (each, together with its sub-domains, content and services, a “Website”) which provides information regarding our Solution and allow users certain functionalities pertaining to the Solution. The Website(s) also allow users to receive demonstrations pertaining to Solution. This privacy policy (“Privacy Policy”) governs and is intended to describe our practices regarding the information (including Personal Information as defined below) that we may collect from you when you use or access our Services (as defined below), the ways in which we may use such information, and the choices and rights available to you. Unless otherwise indicated herein the Website(s) and the Solution are collectively referred to as the “Services”. 

When you use our Solution, you may do so (i) in your capacity as an employee or other personnel of a business to which we provide the Services directly (“Client”), which you represent as an authorized representative, including an individual identifying as a Client “admin” user who uses or accesses the Services under Client’s account or on Client’s behalf (each a “Client User”), or as a user authorized by Client or the Client User to use the Services (each, an “End-User”); (ii) visitors of the Website (each, a “Visitor”); and (iii) all Candidates (as defined below). For the purposes of this Privacy Policy, unless otherwise indicated, the term “User” shall refer to Visitors, Candidates, Client Users and End-Users.

This Privacy Policy supplements and shall be read in conjunction with our Subscription Terms and our End-User Terms (the Subscription Terms, End-User Term and this Privacy Policy, shall be collectively referred to herein as the “Terms”) available at The Subscription Terms, which you accepted prior to accessing and using the Services. This Privacy Policy may be supplemented by additional privacy statements, terms or notices provided to you. Capitalized terms which are not defined herein, shall have the meaning ascribed to them in our Terms.
 

1. Consent and Modification. You are not legally obligated to provide us Personal Information, and you hereby confirm that providing us Personal Information is at your own free will. By using the Services, you consent to the terms of this Privacy Policy and to our collection, processing and sharing of Personal Information for the purposes set forth herein. If you do not agree to this Privacy Policy, please do not access or otherwise use the Services. We reserve the right, at our discretion, to change this Privacy Policy at any time. Such change will be effective ten (10) days following posting of the revised Privacy Policy on the Website, and your continued use of the Services thereafter means that you accept those changes.
    

2. What Types of Information Do We Collect:Non-Personal Information:
   2.1 “Non-Personal Information” is un-identified and non-identifiable information pertaining to a User, which may be made available to us, or collected automatically via your use of the Services which does not enable us to identify the person from whom it was collected. This mainly consists of technical and aggregated non-identifiable, such as the type of operating system you use, type of browser you use, your screen resolution, your browser and keyboard language. In addition, we may collect certain behavioral non personal information regarding your use of the Services, which may include your session recordings, “click stream” activity, etc.Personal Information:
   2.2 “Personal Information” is information that identifies an individual or may with reasonable efforts or together with additional information we have access to, enable the identification of an individual, or may be of a private or sensitive nature relating to an identified or identifiable natural person. Identification of an individual also includes the association of such individual with a persistent identifier such as a name, an identification number, persistent cookie identifier etc. over the course of your use of the Services Personal Information we collect about you may include the following: your full name, IP address, phone number, email address, shipping addresses, your organization name, Candidates Information (as defined below) order history, your password, your department with one of our Clients, the number of coins granted to you and certain information you may share with us in your own volition when contacting us via the Services. Personal Information does not include information that has been anonymized or aggregated and can no longer be used to identify a specific natural person.
    

3. How We Collect Information From You. We receive and/or collect information from you in the following ways:
   3.1 Information we receive when you use the Solution. When you use our Solution, as a Client User or an End-User we may collect the certain Personal Information about our Users.
   3.2 Covver Account. In order to use our Solution, you will be required to create an account (“Covver Account”). If you create a Covver Account, you will be required to provide us with certain information, such as your name, shipping address email address, phone number, organization name, as well as a password that you will use for your Covver Account. In addition, following the setup of your Covver Account, we may collect information regarding your use of the Covver Account and Solution.  
   3.3 “Request a demo” Information. If you send us a “Request a demo” request, whether by submitting an online form that we make available or by sending an email to an email address that we display, you may be required to provide us with certain information such as your name and email address.
   3.4 Through integrations with certain third-party services. We may collect Personal Information through integrations with third party service providers.
   3.5 Log Files. We may make use of log files. The information inside the log files includes internet protocol (IP) addresses, type of browser, Internet Service Provider (ISP), date/time stamp, referring/exit pages, clicked pages and any other information your browser may send to us. We may use such information to analyze trends, administer the Services, track users’ movement around the Services, and gather demographic information.
   3.6 Candidates. We may use a Candidate’s (as defined below) Candidate Information (as defined below) solely for our internal recruitment purposes (including for identifying Candidates, evaluating their applications, making hiring and employment decisions, and contacting Candidates by phone or in writing).
   3.7 Usage Data. We may store certain data and analytics information in connection with the routine operation of the Solution, including, performance and usage data, and/or technical, statistical and aggregated data resulting from the provision of the Services.
    

4. Why do we collect and process your Information.
   - To provide and operate our Services.
   - To be able to deliver and enhance our Services, and to provide Users with technical assistance and support.
   - To provide our Users with personalized Services.
   - To respond to a “Contact Us” or an administrative request (for example, to change you password)
   - To send you updates, notices, notifications, newsletters, and additional information related to the Services if you are a Visitor or a Candidate, or to the extent authorized by the Client if you are a Client User or and End-User.
   - To create cumulative statistical data and other cumulative information that is non-personal, with which we and/or our business partners might make use in order to operate and improve our Services and offer related products.
   - To identify and authenticate your access to the Services (or any part thereof) which you are authorized to access, including your Workspace.
   - To comply with any applicable rule or regulation and/or response or defend against legal proceedings versus us or our affiliates.
    

5. What are our legal grounds for collecting and processing your Personal Information.
   5.1 With your Consent. We ask for your consent, (which may be given directly to Covver or through consent obtained via our Client through our Clients’ authorized representative or authorized user – a Client User or End-User, respectively), to process your information for the specific purposes stated in this Privacy Policy.
   5.2 Providing the requested Services. We collect Personal Information to provide you with the Services you use or intend to use, and when otherwise required to in the performance of a contract with you, or our Client.
   5.3 Legitimate Interests. We process your information for our legitimate interests while applying appropriate safeguards that protect your privacy. This means that we process your information for purposes like detecting, preventing or otherwise addressing fraud, abuse, security, usability, functionality or technical issues with our Services; protecting against harm to the rights, property or safety of our Services, our users or the public as required or permitted by law; enforcing legal claims, including investigation of potential violations of this Privacy Policy; and in order to comply and/or fulfil our obligations under applicable laws, regulation, guidelines, industry standards and contractual requirements, legal process, subpoena or governmental request.
    

6. The Way We Share Personal Information. We may share and/or transfer your Personal Information in the following ways and for the following purposes:
   6.1 Internally – We may share information with our family companies, as well as our employees, for the purposes described in this Privacy Policy and in accordance with Section 5 above. In addition, should Covver or any of its affiliates undergo any change in control, including by means of merger, acquisition or purchase of substantially all of its assets, your information may be shared with the parties involved in such event under strict security conditions, for the purpose of evaluating such event and in accordance with the terms of this Privacy Policy. If we believe that such change in control might materially affect your Personal Information then stored with us, we will notify you of this event and the choices you may have, through prominent notice on our Services.
   6.2 Protecting Our Rights and Safety – We may share your information to enforce this Privacy Policy and/or the Terms of Use, including investigation of potential violations thereof; to detect, prevent, or otherwise address fraud, security or technical issues; or otherwise, if we believe in good faith that this will help protect the rights, property or personal safety of any of our users, or any member of the general public.
   6.3 Third Parties & Business Partners – When using our Solution as a Client User, or as an End-User we will share your Personal Information with the applicable Client with which you are affiliated (i.e., on behalf of whom we process your information). We may also share your information with a number of selected service providers, whose Services and solutions are required or otherwise facilitate achievement of the purposes of processing set forth under Section 4 above. These third parties serve in facilitating and enhancing our Services and related Services, namely, to allow cloud hosting Services (e.g. AWS, Google Cloud), to facilitate the provision of our Solution (e.g. Shopify and Print on Demand providers) for analytics purposes (e.g., Google Analytics, LogRocket), to monitor our Services (e.g. Auth0, Sentry) and process payments within the Services (e.g., Shopify Payments, Stripe). Our third-party service providers act as our sub-processors and may only process your information according to our instructions (which are given in accordance with the terms hereof). We remain responsible for any processing of your information done by such third-party service providers on our behalf not in accordance with the terms hereof, except for events outside of such service providers’ reasonable control.
   6.4 Law Enforcement – We may cooperate with government and law enforcement officials to enforce and comply with the law. We may therefore disclose any information to government or law enforcement officials as we believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect our or a third party’s property and legal rights, to protect the safety of the public or any person, or to prevent or stop any activity we may consider to be, or to pose a risk of being, illegal, unethical, inappropriate or legally actionable.
    

7. Where do you transfer or store my Personal Information.
   Your information may be transferred to, maintained, processed and stored by us and our authorized affiliates and service providers in the EU. Please note that Israeli data and privacy laws may not be as comprehensive as those in your country of residence. Residents of certain countries may be subject to additional protections, as set forth below. Where Covver processes Personal Information on behalf of a Client, including without limitation, Personal Information of a Client User or and End-User, such Personal Information will be processed in the locations as permitted and required by the Client.
   
   GDPR (EEA Users): This section applies only to natural persons residing in the European Economic Area (for the purpose of this section only, “you” or “your” shall be limited accordingly). It is Covver’s policy to comply with the EEA’s General Data Protection Regulation (“GDPR”). In accordance with the GDPR, we may transfer your Personal Information from your home country to Israel, the U.S. and/or other countries, provided that the transferee has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available. Specifically, we may cause such transfer if we ensured that at least one of the following applies:
   - The country to which Personal Information has been transferred, has been determined by the EU Commission to be a country providing adequate protection to the privacy rights of EU residents.
   - Application of Standard Contractual Clauses (also known as “Model Clauses”) where appropriate.
   
   You have additional rights regarding your Personal Information under the GDPR, please refer to Section 8 below.
    

8. Your Rights.
   If applicable to you under your country’s jurisdiction, you may have certain rights in connection with your Personal Information and how we handle it. You can exercise your rights at any time by contacting us via any of the methods set out below, and in the case of Client Users or End-Users, subject to and as set out in Section ‎21 below. Those rights may include, but are not limited to, the following:
   - Right of access. You may have a right to know what information we hold about you and, in some cases, to have the information communicated to you. We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any information.
   - Right to correct Personal Information. We endeavor to keep the information that we hold about you accurate and up to date. Should you realize that any of the information that we hold about you is incorrect, please let us know and we will correct it as soon as we can.
   - Data deletion. In some circumstances you have a right to request that some portions of the Personal Information that we hold about you be deleted or otherwise anonymized.
   - Data portability. In some circumstances, you may have the right to request that data which you have provided to us is provided to you, so you can transfer this to another data controller.
   - Restriction of processing. In some cases, you may have the right to request a restriction of the processing of your Personal Information, such as when you are disputing the accuracy of your information held by us.
    

9. Cookies and Other Tracking Technologies. Our Services may utilize “cookies”, anonymous identifiers and other tracking technologies in order to for us to provide our Services and present you with information that is customized for you. A “cookie” is a small text file that may be used, for example, to collect information about activity on the Services. Certain cookies and other technologies may serve to recall Personal Information, such as an IP address, previously indicated by a user. Most browsers allow you to control cookies, including whether or not to accept them and how to remove them. You may set most browsers to notify you if you receive a cookie, or you may choose to block cookies with your browser.
   9.1 Google Analytics and Google Ads. We may use analytics services used by Google Analytics. (“Google Analytics”) and Google Ads. For more information about Google Analytics and Google Ads, please see the Google privacy policy available at https://policies.google.com/technologies/partner-sites.
   9.2 Fullstory. We may use an analytics tool offered by Fullstory, Inc. (“Fullstory”). For more information about Fullstory and how to opt out of Fullstory’s collection and processing of data, please see the Fullstory privacy policy available at https://www.fullstory.com/legal/privacy-policy/
   9.3 Coralogix. We may use an analytics tool offered by Coralogix Ltd. (“Coralogix”). For more information about Coralogix and how to opt out of Coralogix’s collection and processing of data, please see the Coralogix privacy policy available at https://coralogix.com/privacy-policy/
   9.4 Auth0. We may use an encryption tool offered by Auth0 Inc. (“Auth0”). For more information about Auth0 and how to opt out of Auth0’s collection and processing of data, please see the Auth0 privacy policy available at https://auth0.com/privacy
   9.5 Shopify. We may use a platform offered by Shopify Commerce Singapore Pte. Ltd. (“Shopify”). For more information about Auth0 and how to opt out of Shopify’s collection and processing of data, please see the Shopify privacy policy available at https://www.shopify.com/legal/privacy.
   9.6 Linkedin. We may use a service offered by Linkedin. (“Linkedin”). For more information about Linkedin and how to opt out of Linkedin’s collection and processing of data, please see the Linkedin privacy policy available at https://www.linkedin.com/legal/privacy-policy
   9.7 Sentry. We may use a service offered by Sentry Inc. (“Sentry”). For more information about Sentry and how to opt out of Sentry’s collection and processing of data, please see the Sentry privacy policy available at https://sentry.io/privacy/
   9.8 Flatfile. We may use a service offered by Flatfile Inc. (“Flatfile”). For more information about Flatfile and how to opt out of Flatfile’s collection and processing of data, please see the Flatfile privacy policy available at https://flatfile.com/privacy/
   9.9 Builde.io. We may use a service offered by Builder.io. (“Builder.io”). For more information about Builder.io and how to opt out of Builder.io’s collection and processing of data, please see the Builde.io privacy policy available at https://builder.io/docs/privacy
   9.10 ZoomInfo. We may use a service offered by ZoomInfo. (“ZoomInfo”). For more information about ZoomInfo and how to opt out of ZoomInfo’s collection and processing of data, please see the ZoomInfo privacy policy available at https://www.zoominfo.com/about-zoominfo/privacy-policy
    

10. Use of Anonymous Information. We may use Anonymous Information (as defined below) or disclose it to third party service providers in order to improve our Services and enhance your experience with the Services. We may also disclose Anonymous Information (with or without compensation) to third parties, including advertisers and partners. “Anonymous Information” means information which does not enable identification of an individual user, such as aggregated information about the use of our Services.
     

11. Opting Out. You may choose not to receive future promotional, advertising, or other Services-related emails from us by selecting an unsubscribe link at the bottom of each email that we send. Please note that even if you opt out of receiving the foregoing emails, we may still send you a response to any “Request a demo” request as well as administrative emails (for example, in connection with a password reset request) that are necessary to facilitate your use of the Services.
     

12. Data Retention. We will retain your Personal Information only for as long as necessary to achieve the purposes for collection and processing set forth above. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. If you withdraw your consent to our processing your Personal Information, we will delete your Personal Information from our systems (except to the extent retaining such data in whole or in part is necessary to comply with any applicable rule or regulation and/or to respond to or defend against legal proceedings brought against us or our affiliates), except where we process your information as a processor on behalf of our Client (such as your employer or other entity with which you are affiliated in connection with the use of our Services) in which case data retention is subject to such Client’s instructions, as further described in Section ‎21 below.
     

13. Choice. At all times, you may choose whether or not to provide or disclose Personal Information. If you choose not to provide mandatory Personal Information, you may still visit parts of the Services but you may be unable to access certain options, programs, offers, and services that involve our interaction with you.
     

14. Access/Accuracy. To the extent that you do provide us with Personal Information, we wish to maintain accurate Personal Information. If you would like to delete or correct any of your other Personal Information that we may be storing, you may use the tools that we make available on the Services or you may submit an access request by sending an email to support@covverme.com. Your email should include adequate details of your request.
     

15. Links to and Interaction with Third Party Products. The Services may enable you to interact with or contain links to third party websites, mobile software applications and services that are not owned or controlled by us (each, a “Third Party Service”). We are not responsible for the privacy practices or the content of such Third Party Services. Please be aware that Third Party Services may collect Personal Information from you. Accordingly, we encourage you to read the terms and conditions and privacy policy of each Third Party Service that you choose to use or interact with.
     

16. Children’s Privacy. The Services are not intended for users under the age of 18 years. If we learn that we have collected Personal Information from a user under 18 years, we will delete that information as quickly as possible. If you believe that we might have any such information, please contact us at support@covver.io.
     

17. Candidates. We welcome qualified candidates (“Candidate(s)”) to apply to any of the open positions posted at our Services or via our dedicated third-party social media pages (e.g. LinkedIn) by sending us your CV or Resume and any other information you may choose to share with us (“Candidate Information”). Since privacy and discreetness are very important to our Candidates, we are committed to keep Candidate Information private and will use it solely for our internal recruitment purposes.
    
    Please note that we may retain Candidate Information submitted to us even after the applied position has been filled or closed. This is done so we could re-consider Candidates for other suitable positions and opportunities at Covver; so, we could can use the Candidate Information as a reference for future applications; and in case the Candidate is hired, for additional employment and business purposes related to their employment with us.
    If you previously submitted your Candidate Information to us, and now wish to access it, update it or have it deleted from our systems, please contact us at support@covver.io.
     

18. Security. The security of Personal Information is important to us. We follow generally accepted industry standards, including the use of appropriate administrative, physical and technical safeguards, to protect the Personal Information submitted to us. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use reasonable acceptable means to protect your Personal Information, we cannot guarantee its absolute security or confidentiality. If you have any questions about security on the Services, you can contact us at support@covver.io.
     

19. Our California Do Not Track Notice.
    We do not track consumers over time and across third party websites and therefore do not respond to Do Not Track signals. We do not allow third parties to collect personally identifiable information about an individual consumer’s online activities over time and across different web sites when a consumer uses the Services.
     

20. Commitment. We are committed to protecting your privacy. Protecting your privacy online is an evolving area, and we are constantly evolving our Services to meet these demands. If you have any comments or questions regarding our Privacy Policy, or your Personal Information that we may be storing and using, please contact us at  support@covver.io.  
     

21. Data Controller / Processor. Under various privacy, data protection or similar laws, regulations, or additional legal frameworks, such as Regulation (EU) 2016/679 (the “GDPR”) or the California Consumer Privacy Act of 2018 (the “CCPA”), two distinguished main roles for parties processing Personal Information typically apply: the “data controller” (or under the CCPA, a “business”), who determines the purposes and means of processing; and the “data processor” (or under the CCPA, a “service provider”), who processes such data on behalf of the data controller (or business). Below we provide additional information on how these roles apply to our Services, where such laws and regulations apply.
    
    Covver is the “data controller” of its Visitors’ and Candidates’ Personal Information, as detailed above. Accordingly, we assume the responsibilities of a data controller (solely to the extent applicable under law), as set forth in this Privacy Policy.
    Covver is the “data processor” of its End-Users and Client Users’ Personal Information, as submitted or otherwise provided to us by our Client and/or Client Users and/or End-Users. We process such data on behalf of our Client (who in turn is the “data controller” of such data) and in accordance with its reasonable instructions, and our commercial agreements with such Client.
    
    Our Clients are solely responsible for determining whether and how they wish to use our Services, and for ensuring that all individuals using the Services on the Client’s behalf or at their request, as well as all individuals whose personal data may be included in any Personal Information processed through the Services, have been provided with adequate notice and given informed consent to the processing of their Personal Information, where such consent is necessary or advised, and that all legal requirements applicable to the collection, use or other processing of data through our Services are fully met by the Client. Our Clients are also responsible for handling data subject rights requests under applicable law, by their Client Users and other individuals whose data they process through the Services (and accordingly, if you are a Client User or other individual whose Personal Information was provided to us in connection with Client’s use of the Services, Covver does not provide to you the rights set forth in Section ‎8 above).
    
    If you would like to make any requests or queries regarding Personal Information we process as a data processor on our Client’s behalf, including accessing, correcting, or deleting your data, please contact the Client and/or an applicable Client User directly.