Radiaction Medical Privacy Policy and Data Protection and Notice

Radiaction Ltd. and its affiliates (“Radiaction”, “we”, “our” or the “Company”, and their cognates) respects the privacy of its customers, users, employees, sites and website visitors, and is committed to protecting the personal information you may share with us (these and any others with respect to whom we collect personal data, shall collectively be referred to as “you” or “Data Subjects”).

Radiaction specializes in the development and production of the Shield System, which block scatter radiation providing radiation protection for healthcare teams (the “Services”).

This policy and notice (the “Privacy Policy”) explains the types of information we may collect from you, that we may receive about you or that you may provide in the course of your interest in our Services, business transactions, conferences or when you visit our sites and our website. We are transparent about our practices regarding the information we may collect, use, maintain and process and describe our practices in this policy and notice. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

For the purposes of EU General Data Protection Regulation (the “GDPR”), CCPA and other applicable privacy laws:
Radiaction is a data controller (or a Business under CCPA) in relation to the personal data of our customers and prospective customers, employees, employment candidates and website visitors. Radiaction is a processor (or a Service Provider under CCPA) in relation to the data of end-users who are usually employees of our customers and who use the Services.

1. Which information may we collect?

Summary: we collect various categories of personal data in order to meet our contractual obligations, and also to meet various legitimate interests, such as fraud prevention and marketing.

We may collect data about you in connection with your transactions with us, or in processing data for our customers. We also collect data about our employees and site and website visitors. One type of data collected is non-identifiable and anonymous information (“non-personal data”). We also collect several categories of personal data (“Personal Data”), as described below.

Data we collect about you from your transactions with us:

Personal Data which is being gathered consists of any details which are personally identifiable and which are provided consciously and voluntarily by you, or by an organization you represent or are associated with or through your use of our websites (as described below). This may include your name (first and last), email address, phone number, postal address, position and organization name and other information you may choose to provide to Radiaction. Additionally, we may obtain location data related to the geographic location of your laptop, mobile device or other digital device on which the Radiaction website is used.

You do not have any legal obligation to provide any information to Radiaction, however, we require certain information in order to perform contracts, or to provide our Services. If you choose not to provide us with certain information, then we may not be able to provide you or your organization with some or all of the Services.

By contacting us or submitting requests for support or information via our website, Radiaction will collect details, including also your name, facility name, phone number and personal or company email you provided, country and other such information. Radiaction may use this information to offer Radiaction’s Services and support.

Careers. If you wish to apply for a job with us, you may submit your contact information and resume online. We will collect the Personal Information you choose to provide on your resume, such as your education and employment experience. You may also apply through a third-party platform, such as LinkedIn. If you do so, we will collect the Personal Information you make available via those third-party platforms. We may also obtain information from third parties such as referees. If you are an employee, the sort of information we hold includes your application form and references, your contract of employment, correspondence with or about you, information needed for payroll, benefits and expenses purposes, contact and emergency contact details, records of holiday, sickness and other absence, medical notes and reports, information needed for equal opportunities monitoring, records relating to your career history, such as training records, appraisals, and, where appropriate, disciplinary and grievance records. We also sometimes hold clocking-in/out data. In addition. you will inevitably be referred to in many company documents and records that are produced by you and your colleagues in the course of carrying out your duties and the business of the company. Where necessary, we may keep information relating to your health, which could include reasons for absence and doctors’ reports and notes. This information will be used in order to comply with our health and safety and occupational health obligations – to consider how your health affects your ability to do your job and whether any adjustments to your job might be appropriate. We will also need this data to administer and manage sick pay, and insurance. Your personal data will be stored for the duration of your employment, and for a period of seven years following the termination of your employment, unless it must be held longer for legal, regulatory, compliance or contractual reasons.

2. How do we collect personal data?

Summary: we collect Personal Data when you or your organization send it to us, or when a vendor sends it to us so; we collect Personal Data through our websites and Services.

We collect Personal Data required to provide Services when you register interest, or when you provide us such information by entering it manually or automatically, or in connection with site visits, in the course of preparing a contract, or otherwise in engaging with us. We also may collect Personal Data when you call us for support, in which case we collect the information you provide us. We also collect personal data of end users who use the Services in accordance with the instructions of our customers who are the controllers of such data. We collect data of employment candidates when they send it to us or from third party referees. We collect data about employees when they give it to us and in the normal course of employment.

We also collect Personal Data through your use of our websites. In other words, when you are using the websites, we are aware of it and may gather, collect and record the information relating to such usage, either independently or through the help of third-party services including as described in section 8 below. This may also include amongst other data technical information and behavioral information such as the user’s Internet protocol (IP) address used to connect your computer to the Internet, your uniform resource locators (URL), operating system, type of browser, browser plug-in types and versions, screen resolution, Flash version, time zone setting, the user’s ‘clickstream’ on the websites, the period of time the user visited the websites, methods used to browse away from a page, and any phone number used to call our customer service number. We likewise may place cookies on your browsing devices (see 'Cookies' section below).

3. What are the purposes of the personal data we collect?

Summary: we process Personal Data to meet our obligations, protect our rights and manage our business.

We will use Personal Data to provide and improve our Services to our customers and others and meet our contractual, ethical and legal obligations as well as contact you, per your request. All Personal Data will remain accurate complete and relevant for the stated purposes for which it was processed, including for example:

Processing which is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract:

• carrying out our obligations arising from any contracts entered into between you or your employer or organization and Radiaction and to provide you with the information, products and services that you request from Radiaction;
• carrying out our obligations arising from your employment contract with us;
• administering your account with Radiaction including to identify and authenticate you;
• verifying and carrying out financial transactions in relation to payments you make in connection with the Services;

Processing which is necessary for the purposes of the legitimate interests pursued by Radiaction or by a third party of providing an efficient and wide-ranging service to customers:

• notifying you about changes to our Services;
• contacting you for the purpose of providing you with technical assistance and other related information about the Services;
• replying to your queries, troubleshooting problems, detecting and protecting against error, fraud or other criminal activity;
• contacting you to give you commercial and marketing information about promotions or services and products offered by Radiaction which may be of interest to you;
• soliciting feedback in connection with your use of the Services;
• processing carried out to pursue our legitimate interests of running our business in an efficient manner, when those interests are not overridden by your fundamental rights.

Processing which is necessary for compliance with a legal obligation to which Radiaction is subject:

• compliance and audit purposes, such as meeting our reporting obligations in our various jurisdictions, and for crime prevention and prosecution in so far as it relates to our staff, customers, facilities etc;
• processing which is necessary to comply with our health and safety and other employment-related legal obligations;
• if necessary, we will use Personal Data to enforce our terms, policies and legal agreements, to comply with court orders and warrants and assist law enforcement agencies as required by law, to collect debts, to prevent fraud, infringements, identity thefts and any other service misuse, and to take any action in any legal dispute and proceeding;

Processing which is based on your consent:

• Sending you promotional materials by email if you have signed up to receive our newsletter. You may withdraw your consent at any time by clicking unsubscribe at the bottom of the email or by sending an email to contact@radiactionmedical.com and we will immediately remove you from our mailing list. Please note that we will continue sending you service updates and any information that is required to operate the Services to which you are signed up.

We may collect Personal Data of our customers’ personnel, which will be used for the purposes set out above.

4. Sharing Data with Third Parties

Summary: we share Personal Data with our service providers, partners, and group companies, and authorities where required.

We may transfer Personal Data to:

Members of our Group: This includes any member of our group, which means our parent company and subsidiaries - whether wholly or partially owned by Radiaction, and co-owned companies.

Third Parties. We transfer Personal Data to third parties in a variety of circumstances. We endeavor to ensure that these third parties use your information only to the extent necessary to perform their functions, and to have a contract in place with them to govern their processing on our behalf. These third parties may include business partners, suppliers, affiliates, agents and/or sub-contractors for the performance of any contract we enter into with you. They may assist us in providing the Services, processing transactions, fulfilling requests for information, receiving and sending communications, analyzing data, providing IT and other support services or in other tasks, from time to time. These third parties may also include analytics and search engine providers that assist us in the improvement and optimization of our websites, and our marketing.

We periodically add and remove third-party providers. At present services provided by third-party providers to whom we may transfer Personal Data include also the following:

• Website analytics
• Customer support;
• On-site and cloud-based database services;
• ERP and supporting software;
• Data security, data backup, and data access control systems;
• Project Management system;
• Medical checkup providers
• Dosimeter (quantifying radiation) providers
• Our lawyers, accountants, and other standard business software and partners.

In addition, we may disclose your Personal Data to third parties if some or all of our companies or assets are acquired by a third party including by way of a merger, share acquisition, asset purchase or any similar transaction, in which case Personal Data may be one of the transferred assets. Likewise, we may transfer Personal Data to third parties if we are under a duty to disclose or share your Personal Data in order to comply with any legal or audit or compliance obligation, in the course of any legal or regulatory proceeding or investigation, or in order to enforce or apply our terms and other agreements with you or with a third party; or to assert or protect the rights, property, or safety of Radiaction, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.

For avoidance of doubt, Radiaction may transfer and disclose non-Personal Data to third parties at its own discretion.

5. Where do we store your data?

We store your Personal Data in virtual servers owned or controlled by Radiaction, or processed by third parties on behalf of Radiaction, located in Israel, a country which benefits from an adequacy decision from the European Commission.

6. International Data Transfers

Summary: we transfer Personal Data within and to the EEA, UK, USA, Israel and elsewhere, with appropriate safeguards in place.

EU Personal Data may be transferred to, and stored and used at, a destination outside the European Economic Area (EEA) that may not be subject to equivalent Data protection laws to those of the EU. Where your Data is transferred outside of the EEA, we will take all steps reasonably necessary to ensure that your Data is subject to appropriate safeguards, including entering into contracts that require the recipients to adhere to data protection standards that are considered satisfactory under EU law, and that it is treated securely and in accordance with this privacy policy. For more information about these safeguards, please contact us as set forth below.

We may transfer your Personal Data outside of the EEA, in order to:

• store or backup the information;
• enable us to provide you with the Services and fulfill our contract with you;
• fulfill any legal, audit, ethical or compliance obligations which require us to make that transfer;
• facilitate the operation of our group businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights;
• to serve our customers across multiple jurisdictions; and
• to operate our parent company, subsidiaries and affiliates in an efficient and optimal manner.

7. Data Retention

Summary: we retain Personal Data according to our data retention policy, as required to meet our obligations, protect our rights, and manage our business.

Radiaction will retain Personal Data it processes only for as long as required in our view, to provide the Services and as necessary to comply with our legal and other obligations, to resolve disputes and to enforce agreements. We will also retain Personal Data to meet any audit, compliance and business best-practices.

Data that is no longer retained may be anonymized or deleted. Likewise, some metadata and statistical information concerning the use of our Services are not subject to the deletion procedures in this policy and may be retained by Radiaction. We will not be able to identify you from this data. Some data may also be retained on our third-party service providers’ servers until deleted in accordance with their privacy policy and their retention policy.

Services and Websites Data Collection and Cookies

Summary: with your consent, we place cookies on your device. You control our use of cookies through a cookie management tool on our website, or through your device and browser.

When you access or use our Services or website, Radiaction may use industry standard technologies such as cookies, pixels and similar technologies, which store certain information on your computer or browsing device and which will allow us to identify the computer or device and, in some cases, to identify them with the user, and to enable automatic activation of certain features, and make your user experience more convenient and effortless. We use different types of cookies: some cookies are strictly necessary, they are required for the operation of our websites and Services under our terms with you; We also use analytical and performance monitoring cookies, which allow us to recognize and count the number of visitors and to see how visitors move around our websites and services when they are using it. Finally, we use functionality cookies which are used to recognize you when you return to our Site. This enables us to personalize content to your preferences, including for example, your choice of language or region. We place strictly necessary cookies on the basis of our legitimate interest to operate our website, which is not overridden by your rights. We place all other cookies on the basis of your consent.

Different cookies are kept for different periods. Session cookies are used to keep track of your activities online in a given browsing session; these cookies generally expire when the browser is closed but may be retained for a period on your device. Permanent cookies remain in operation even when you have closed the browser. Third-party cookies are installed by third parties with the aim of collecting certain information to research behavior, demographics. Third-party cookies on our site include, for example, Google Analytics, Hubspot and LinkedIn. Third-party cookies will be retained according to the terms of those third parties, and you can control those cookies in your browser settings.

Most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. However, if you block or erase cookies your online experience on our websites and services will be limited.

How to disable cookies: the effect of disabling cookies depends on which cookies you disable but, in general, the websites and some services delivered through them may not operate properly, may not recognize your device, may not remember your preferences and so on, if cookies are disabled or removed. However, allowing or disabling cookies is your choice and in your control. If you want to disable cookies on our site, you need to change your browser settings to reject cookies. How you can do this will depend on the browser you use. Further details on how to disable cookies can be found here: Microsoft Edge, Google Chrome, Firefox, Safari.
Our services and websites may, from time to time, contain links to external sites. We are not responsible for the operation, privacy policy and practices or the content of such sites.

9. Security and Storage of Information

Summary: we take data security very seriously, invest in security systems, and train our staff. In the event of a breach, we will notify the right people as required by law.

We take great care in implementing, enforcing and maintaining the security of the Personal Data we process. Radiaction implements, enforces and maintains security measures, technologies and policies to prevent the unauthorized or accidental access to or destruction, loss, modification, use or disclosure of Personal Data. We likewise take steps to monitor compliance of such policies on an ongoing basis. Likewise, we take industry standard steps to ensure our websites and services are safe.
Note however, that no data security measures are perfect or impenetrable, and we cannot guarantee that unauthorized access, leaks, viruses and other data security breaches will never occur.

Within Radiaction, we endeavor to limit access to Personal Data to those of our personnel who: (i) require access in order for Radiaction to fulfill its obligations, including also under its agreements, and as described in this Privacy Policy, and (ii) have been appropriately and periodically trained with respect to the requirements applicable to the processing, care and handling of the Personal Data, and (iii) are under confidentiality obligations as may be required under applicable law.

Radiaction shall act in accordance with its policies and with applicable law to promptly notify the relevant authorities and data subjects in the event that any Personal Data processed by Radiaction is lost, stolen, or where there has been any unauthorized access to it, all in accordance with applicable law and on the instructions of qualified authority. Radiaction shall promptly take reasonable remedial measures.

10. EU and UK Data Subject Rights

Summary: depending on the law that applies to your Personal Data, you may have various data subject rights, such as rights to access, erase, and correct Personal Data, and information rights. We will respect any lawful request to exercise those rights.

Data subjects with respect to whose data GDPR or the UK GDPR apply, have rights under GDPR and local laws, including, in different circumstances, rights to data portability, rights to access data, rectify data, object to processing, and erase data. It is clarified for the removal of doubt, that where Personal Data is provided by a customer being the data subject's employer, such data subject rights will have to be effected through that customer. In addition, data subject rights cannot be exercised in a manner inconsistent with the rights of Radiaction employees and staff, with Radiaction proprietary rights, and third-party rights. As such, job references, reviews, internal notes and assessments, documents and notes including proprietary information or forms of intellectual property, cannot be accessed or erased or rectified by data subjects. In addition, these rights may not be exercisable where they relate to data that is not in a structured form, for example emails, or where other exemptions apply. If processing occurs based on consent, data subjects generally have a right to withdraw their consent.

A data subject who wishes to modify, delete or retrieve their Personal Data, may do so by contacting Radiaction (contact@radiactionmedical.com). Note that Radiaction may have to undertake a process to identify a data subject exercising their rights. Radiaction may keep details of such rights exercised for its own compliance and audit requirements. Please note that Personal Data may be either deleted or retained in an aggregated manner without being linked to any identifiers or Personal Data, depending on technical commercial capability. Such information may continue to be used by Radiaction.

Data subjects in the EU and in the UK have the right to lodge a complaint, with a data protection supervisory authority in the place of their habitual residence. If the supervisory authority fails to deal with a complaint, you may have the right to an effective judicial remedy.

11. California Residents

If you are a California resident, California Civil Code Section 1798.83 permits you to request in writing a list of the categories of personally identifiable information relating to third parties to which we have disclosed certain categories of personally identifiable information during the preceding year, for the third parties’ direct marketing purposes, and to obtain such information free of charge up to twice in a 12-month period. You have the right to request disclosure from Radiaction of the following:

• The categories of personal information Radiaction has collected about you;
• The categories of sources from which the personal information is collected;
• The business or commercial purpose for collecting personal information;
• The categories of third parties with whom the business shares personal information;
• The specific pieces of personal information Radiaction has collected about you.

To make any such requests, please contact us at: contact@radiactionmedical.com.

Radiaction will not discriminate against a consumer because the consumer exercised any of the consumer’s rights, including, but not limited to, by:

• Denying goods or services to the consumer.
• Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties.
• Providing a different level or quality of goods or services to the consumer.
• Suggesting that the consumer will receive a different price or rate for goods or services or a different level or quality of goods or services.

12. General

Minors. We do not knowingly collect or solicit information or data from or about children under the age of 16 or knowingly allow children under the age of 16 to register for Radiaction services. If you are under 16, do not register or attempt to register for any of the Radiaction Services or send any information about yourself to us. If we learn that we have collected or have been sent Personal Data from a child under the age of 16, we will delete that Personal Data as soon as reasonably practicable without any liability to Radiaction. If you believe that we might have collected or been sent information from a minor under the age of 16, please contact us at: contact@radiactionmedical.com as soon as possible.

Changes to this Privacy Policy. The terms of this Privacy Policy will govern the use of the Services, websites, and any information collected in connection with them. Radiaction may amend or update this Privacy Policy from time to time. The most current version of this Privacy Policy will be available at: https://www.radiactionmedical.com/privacy-policy. Changes to this Privacy Policy are effective as of the stated “Last Revised” date and your continued use of our Services will constitute your active acceptance of the changes to and terms of the Privacy Policy.

Radiaction aims to process only adequate, accurate and relevant data limited to the needs and purposes for which it is gathered. It also aims to store data for the time period necessary to fulfill the purpose for which the data is gathered. Radiaction only collects data in connection with a specific legitimate purpose and only processes data in accordance with this Privacy Policy. Our policies and practices are constantly evolving and improving, and we invite any suggestions for improvements, questions or comments concerning this Privacy Policy, you are welcome to contact us (details below) and we will make an effort to reply within a reasonable timeframe.

Radiaction contact details: contact@radiactionmedical.com

Last Revised: March 2023