logoin
Get in Touch
Explore Tours

Privacy Policy

Privacy Policy​


1. Introduction This Privacy Policy explains how Lux Israel Incoming Tour operator LTD we collects, uses, stores, and shares personal information in compliance with Israel’s Protection of Privacy Law, including Amendment No. 13 (effective August 14, 2025).

2. Definitions

  • Personal Information: Any information that identifies or could identify an individual, including digital identifiers (e.g., IP, cookies) and device data.
  • Highly Sensitive Information: Includes private affairs, sexual orientation, health/genetic data, biometric/precise location data, political opinions, criminal records, financial and employment details, etc.

3. Data Controller We are the responsible entity (“Controller”) for processing your personal data. Contact details: Rachel Goldberg, [email protected], +972+3+9719711.

4. Data Protection Officer (DPO) Where required, we have appointed a DPO who oversees compliance with privacy laws. Contact: Rachel Goldberg, [email protected], +972+3+9719711.

5. Categories of Personal Data Collected

  • Mandatory & non‑mandatory data: Describe required vs optional personal data.
  • Highly Sensitive Data: If applicable, detail categories such as health, biometrics, location.

6. Purpose of Processing We process data to:

  • Provide and improve our services;
  • Fulfill legal obligations;
  • Perform direct marketing (with explicit consent);
  • Conduct analytics and user behavior research (only after consent for non‑essential data).

7. Legal Basis for Processing Explain the basis: consent, contractual necessity, legal obligation, or legitimate interest—specifically for highly sensitive data, explicit consent is required.

8. Consent & Cookie Banner We obtain active, informed, granular consent before setting any non-essential cookies or trackers (e.g., analytics, advertising). A clear “Accept All” / “Reject All” interface is provided, with equal prominence. No tracking scripts are loaded before consent. You can manage your preferences at any time via [link].

9. Data Sharing & Transfers We may share data with third parties (e.g., service providers, analytics platforms) under confidentiality agreements. Data may be processed in other jurisdictions—see “Cross-Border Transfers” section for details.

10. Data Retention & Deletion We retain personal data only as long as necessary for the purposes described. After that, data is deleted or anonymized unless retention is required by law.

11. Rights of Data Subjects Under Amendment 13, you are entitled to:

  • Access your personal data;
  • Request corrections;
  • Withdraw consent;
  • Request data deletion;
  • Lodge complaints.

12. Consequences of Refusal You may choose not to provide certain information; however, it may impact your ability to access or use certain services.

13. Reporting to the PPA [If applicable] We have filed reports with the Privacy Protection Authority concerning databases containing highly sensitive data for over 100,000 individuals, as required under Amendment 13.

14. Security Measures We implement appropriate technical and organizational measures to secure personal data, including risk assessments and, where applicable, penetration testing.

15. Changes to this Policy We may update this policy to reflect changes in legal requirements, technology, or business operations. The “Last Updated” date at the top indicates the most recent revision.

Last Updated: August 25, 2025