Privacy Policy
Last updated: February 4, 2026
This privacy policy describes how Achiya Automation, a sole proprietorship ("we", "our", "the Company") collects, uses, processes, and protects your personal data, in accordance with the Israeli Privacy Protection Law, 5741-1981, Amendment No. 13 to the Law (5784-2024), and the Privacy Protection Regulations (Data Security), 5777-2017.
By using our website and services, you consent to the terms of this policy. Please read it carefully.
1. Definitions
The following terms shall have the meanings specified alongside them:
- "Personal Data" — any information relating to an identified or identifiable individual, including: name, phone number, email address, IP address, device identifiers, browsing data, and location.
- "Sensitive Data" — sensitive personal data as defined by law, including: medical information, location data, biometric identifiers, genetic data, financial activity data, sexual orientation, political opinions, party affiliation, or information about criminal offenses. We do not collect this type of data on our website.
- "Processing" — any operation performed on personal data, including collection, storage, use, transfer, and deletion.
- "Data Subject" — the individual to whom the personal data relates (you).
- "Third Party" — any entity other than the Company or the data subject.
2. Data Controller & Contact Details
- Business name: Achiya Automation
- Business type: Sole proprietorship
- Address: 10 Hativat Carmeli St., Ashdod, Israel
- Email: info@achiya-automation.com
- Phone: 050-419-7060
- Website: achiya-automation.com
3. Types of Data We Collect
3.1 Data you provide directly (Section 11 of the Law)
When filling out the contact form on our website, providing information is voluntary and not required by law:
| Field | Required / Voluntary | Consequence of not providing |
|---|---|---|
| Full name | Required to process your inquiry | We will be unable to handle your inquiry |
| Phone number | Required to process your inquiry | We will be unable to contact you |
| Business type | Voluntary | No impact on handling your inquiry |
| Message content | Voluntary | We may need to ask additional questions |
| Marketing consent | Voluntary | You will not receive marketing updates |
Note: Failure to provide the fields required for handling your inquiry will prevent us from responding to you. Fields marked "Voluntary" do not affect our ability to process your inquiry.
3.2 Data collected automatically
When browsing our website:
- IP address (anonymized / partially masked)
- Browser type and operating system
- Pages viewed and time spent
- Referral source
- Website performance data (Web Vitals)
- Returning visit identification (via local browser storage)
3.3 Data we do not collect
- National ID numbers
- Credit card details (payments are made by bank transfer or under a separate agreement)
- Medical information or other sensitive data
4. Processing Purposes & Legal Basis
We process personal data solely for the following purposes and on the appropriate legal basis:
| Purpose | Legal basis |
|---|---|
| Responding to inquiries and requests | Consent / Performance of contract |
| Sending price quotes | Performance of contract |
| Improving the website and services | Legitimate interest |
| Statistical analysis and performance measurement | Legitimate interest / Consent |
| Sending marketing updates | Explicit consent only |
| Compliance with legal requirements | Legal obligation |
5. Third-Party Data Sharing
We may share personal data with the following parties only:
5.1 Service and infrastructure providers
- Hetzner Cloud GmbH (Germany) — Server hosting and infrastructure. Germany is recognized as a country with an adequate level of protection under Regulation 2(4). Security standards: ISO 27001, SOC 2 Type II.
- Google Analytics (Google LLC, USA) — For website traffic analysis. Data includes: pages viewed, visit duration, referral source. IP addresses are anonymized. Google is committed to the EU-US Data Privacy Framework. Google Privacy Policy (opens in a new tab)
- Inquiry processing systems (n8n) — For processing contact form submissions. Hosted on Hetzner servers in Germany.
- Cloudflare Inc. (USA) — CDN (Content Delivery Network), security, and DDoS protection services. Cloudflare processes: IP addresses, browser data, and technical browsing information. This data is used to protect the website and improve performance. Cloudflare is committed to ISO 27001 and SOC 2 Type II standards. Cloudflare Privacy Policy (opens in a new tab)
5.2 Additional cases
- When required by law or court order
- To protect our rights or property
- With your explicit consent
Note: We do not sell, rent, or trade your personal data to third parties for their marketing purposes.
6. International Data Transfers
Some of our service providers are located outside of Israel:
| Provider | Location | Legal basis for transfer |
|---|---|---|
| Hetzner Cloud | Germany (EU) | Country with adequate level of protection — Regulation 2(4) |
| Google Analytics | USA | EU-US Data Privacy Framework |
| Cloudflare | USA (global servers) | EU-US Data Privacy Framework + Standard Contractual Clauses (SCCs) |
We ensure that all international data transfers comply with legal requirements and include appropriate safeguards, including engagement with providers committed to international data protection standards (ISO 27001, SOC 2).
7. Data Retention Periods
We retain personal data only for as long as necessary:
| Data type | Retention period |
|---|---|
| Contact form submissions | Up to 3 years from the last inquiry |
| Active client data | Duration of engagement + 7 years |
| Analytics data | 26 months (GA4 default setting) |
| Marketing consents | Until consent is withdrawn + 3 years for documentation |
At the end of the retention period, data will be deleted or anonymized in an irreversible manner.
8. Cookies & Tracking Technologies
8.1 What are cookies?
Cookies are small text files stored on your device when browsing our website. They allow the site to remember preferences and improve the user experience.
8.2 Types of cookies we use
| Name / Type | Purpose | Duration |
|---|---|---|
| Essential cookies | Storing cookie preferences, basic functionality | 1 year |
| Google Analytics (_ga, _gid) | Statistical analysis of website traffic | Up to 2 years |
Note: Cloudflare, which provides CDN and security services for our website, may place security cookies (such as __cf_bm) only in cases of suspected activity or security challenges (CAPTCHA). These cookies are not sent during normal browsing and are not used for marketing tracking.
8.3 Local storage (localStorage)
In addition to cookies, we use local browser storage. Local storage is saved only on your device and is not sent to our servers:
| Key name | Purpose | Duration |
|---|---|---|
| cookie-consent | Storing your cookie preferences (which types you approved) | Until manually deleted |
| cookie-consent-date | Date and time you gave or changed your cookie consent | Until manually deleted |
Note: You can delete this data at any time through your browser settings (clear site data) or developer tools.
8.4 Managing preferences
On your first visit to the website, a cookie notice will be displayed allowing you to choose which cookies to accept. You can change your preferences at any time by:
- Clicking the "Cookie Settings" button below
- Your browser settings
- Deleting cookies and reloading the website
9. Data Security
We implement appropriate security measures in accordance with the Privacy Protection Regulations (Data Security), 5777-2017:
9.1 Technical security measures
- Encryption in transit: All communications are encrypted using HTTPS/TLS 1.3
- Anonymization: IP addresses are anonymized in Google Analytics
- Access control: Data access is restricted on a role-based permissions basis (RBAC)
- Two-factor authentication: 2FA for all access to management systems
- Firewall: Server-level protection and 24/7 anomalous traffic monitoring
- Security updates: Regular software and system updates
9.2 Backups
- Frequency: Automatic daily backups
- Encryption: Backups encrypted with AES-256
- Retention: 30 days
- Location: Separate Hetzner servers in the same geographic region
9.3 Logging and documentation
- Access logs: 24 months
- Change logs: 24 months
- Security logs: 24 months
- Storage: Encrypted and secured
9.4 Security incident notification
In accordance with Amendment 13 to the Privacy Protection Law, in the event of a serious security incident that may cause substantial harm to your privacy:
- We will notify you within 72 hours of discovering the incident
- We will detail the type of data that was exposed
- We will provide recommendations for self-protection
- We will report to the Privacy Protection Authority as required under Regulation 11
9.5 Business continuity
A disaster recovery plan (DRP) is in place, which includes:
- Estimated recovery time (RTO): Up to 24 hours
- Recovery point (RPO): Up to 24 hours
Despite our efforts, no security system is perfect. We are committed to handling every security incident with full transparency and responsibility.
10. Your Rights (Under Amendment 13)
Under the Privacy Protection Law and Amendment 13, you are entitled to the following rights:
- Right of access: To review the personal data we hold about you
- Right of correction: To request correction of inaccurate or incorrect data
- Right of deletion: To request deletion of your data (subject to legal obligations)
- Right to object: To object to data processing for marketing purposes
- Right to withdraw consent: To withdraw consent you have given at any time
- Right to restrict processing: To request restriction of processing under certain circumstances
- Right to data portability: To receive the data you provided to us in a readable and structured format (such as CSV or JSON)
- Right to be notified of data breaches: To be informed if a security incident affects your data
To exercise your rights: Send a request to info@achiya-automation.com with the following details:
- Your full name
- Identifying information (phone number or email you provided)
- Description of your request
We will respond to your request within 30 days as required by law.
10.2 Data deletion
Upon a deletion request or termination of engagement:
- Active systems: Deletion within 7 business days
- Backups: Automatic deletion within 30 days
- Deletion method: Secure and irreversible deletion (secure erase)
- Confirmation: You will receive written confirmation of the completed deletion
Note: Data that must be retained by law (such as invoices for 7 years) will be kept in accordance with the law.
11. Minors
Our services are intended for business owners and are not directed at minors under the age of 18.
We do not knowingly collect personal data from minors. If you become aware that a minor has provided us with personal data, please contact us and we will delete the data immediately.
12. Filing a Complaint
If you believe your privacy has been violated, please contact us first at info@achiya-automation.com and we will endeavor to resolve the matter.
If you have not received an adequate response, you may file a complaint with the Privacy Protection Authority:
The Privacy Protection Authority
Ministry of Justice
Website: www.gov.il/he/departments/the_privacy_protection_authority (opens in a new tab)
13. Policy Changes
We may update this policy from time to time. Material changes will be published on the website with appropriate notice.
The last update date appears at the top of this document. Continued use of the website after a policy update constitutes acceptance of the changes.
14. Contact Us
For questions, requests, or complaints regarding this privacy policy or the processing of your data:
- Email: info@achiya-automation.com
- Phone: 050-419-7060
- WhatsApp: Send a message (opens in a new tab)
15. Governing Law
This privacy policy is governed by the laws of the State of Israel, in particular the Privacy Protection Law, 5741-1981 and its regulations. Exclusive jurisdiction shall be vested in the competent courts in Israel.