Privacy Policy and Term of Use – Tribu Management Site

Last updated: May 14, 2021

1. Introduction.

1.1. Welcome to Tribu Management Site (hereinafter: “The Site") of Tribu Ltd. a not-for-profit social and technology start-up, which aims to create and expand the circles of volunteering and contributing within Israeli society (hereinafter: "Tribu" or “Us”).

1.2. The Site is used by various organizations as a tool for managing the volunteer activities and the volunteers themselves, in such a way that each organization can manage all the existing information about its volunteers, including but not limited to, personal information, opinions, suitability for volunteering, hourly reports, etc. (hereinafter: "The Services”).

1.3. Each organization has a dedicated area on the Site where information is created and collected. The information is owned and under the responsibility of the organization.

1.4. The Privacy Policy and Terms of Use are intended to ensure, among other things, the security and privacy of the information accumulated in the designated area of ​​the organization on the Site.

1.5. This document specifies the Privacy Policy and Terms of Use when using the Services by the organizations and constitutes a binding legal document between Tribu and the organization and those on its behalf.

1.6. Use of the Site for any purpose is subject to this document. Use of the Services will be deemed consent by the organization to all the terms, conditions and notices contained in this document. Therefore, the use of the Site (including any content that appears on it, and the use of the Services), the organization declares that it has read and understood this document and has agreed to its terms.

1.7. To the extent that the organization has objections to this document or changes made to it, it may contact us for assistance and alternative solutions.

1.8.The document is written in masculine language for convenience only but refers to both genders.

 

2. Use of the Site Services.

2.1 When using the Services offered by the Site, each user on behalf of the organization is required to provide his full name and email address of the organization, to creating an account, and obtain the approval of the organization to manage its designated area.

2.2. It is hereby clarified that there is not a legal obligation to provide this information, unless otherwise specified, and that providing of this information depends on the free consent of the organization’s users and volunteers.

2.3. You may edit the information provided by logging to the organization’s designated area on the Site or by contacting us at support@we-tribu.com.

2.4. Any changes in the authorizations and/or managers on behalf of the organization are subject to the approval of the organization only.

2.5. Associating a volunteer with the organization – if the organization wishes to assign a volunteer to its designated area, it may do so in one of two ways:

* Automatic association by the organization’s managers.

* Association with the approval of the organization’s manager will be carried out – directly by the volunteer through the App.

2.6. Establishment of volunteer activities on the Site:

2.6.1. The organization may define volunteer activities for the organization's employees and/or volunteers associated with the organization only.

2.6.2 The organization may set up a public activity for all existing volunteers on the Site.

2.7. Tribu is not responsible for the organization's volunteer activities and/or the content uploaded to the Site by the organization.

2.8. The organization is responsible for all volunteer activities on its behalf under the provisions of any law, including the issue of insurance.

2.9. There is a blanket ban on publishing events that are not voluntary, as well as events that do not meet the requirements of the law, including events with manifestations of incitement, violence, racism and more.

3. Tribu commitment to maintaining the information in the organization’s designated area.

3.1. Tribu is committed to confidentiality and shall not transmit, show, inform, or disclose to anyone, directly or indirectly, the information in the designated area without the prior written consent of the organization, indefinitely, even after the organization stopped using the Site.

3.2. All information that will accumulate in the organization’s designated area belongs to the organization only. Tribu will not make any use of this information, as well as the information and details of volunteers who have registered to volunteer in the organization’s designated area but to operate the Site and provide the Services.

3.3. Tribu will take all necessary measures to protect this information and its security and will ensure that access to such information will be given to Tribu and/or anyone on its behalf who has received permission to do so, after signing towards Tribu on a commitment to maintain confidentiality.

3.4. Tribu shall not transfer the information to any third party without the prior written consent of the organization. To the extent that the organization approves the transfer of such information, Tribu will include in the agreement with such a third party all the obligations that apply to it in connection with the information as part of the engagement.

3.5. Tribu shall separate the existing information in the organization’s designated area from the rest of the information contained on the Site.

3.6. Tribu shall publish a report regarding the manner of information security, its management, storage, and processing, if receives such a request from the organization and at least once a year,

3.7. Tribu shall notify the organization of any unauthorized use and/or access to information and/or any case of information leakage and/or a security incident as soon as it is discovered.

3.8. Tribu will allow volunteer managers, upon their request, to receive all information in the designated area, through magnetic media or other digital systems, and will delete, at the request of the organization, all such information, no later than 30 business days from receipt of the request.

3.9. Any content or information uploaded to the Site by the organization and/or anyone on its behalf is its sole responsibility.

3.10. Without derogating from the terms of this document, Tribu shall act under the provisions of any law, including the Israeli Privacy Protection Act (hereinafter: the "Privacy Protection Act") and the Privacy Protection (Data Security) Regulations, 2017 (hereinafter: "Data Security Regulations").

3.11. When using the Site, the organization will be able to manage and receive information about volunteers associated with it and/or about other volunteers; Future volunteer activities based on skills and geographic area; Volunteer activities that took place; Photos taken during the volunteering, etc.

3.12. For using some of the Services, users and/or volunteers of the organization will be asked to enter personal details about them to create an account as detailed below:

3.12. 1. Information submitted to the Site manually: When using some of the Services offered on the Site, the user may be required to provide personal and identifiable information about volunteers such as first and last name, mobile phone number, social security number and e-mail address. This information is required to complete the Services and/or to so we can contact him.

3.1.2. Automatically: For the day-to-day operation of the Site and the collection of statistics data, Tribu may use technological tools, depending on the type of Services that Tribu provides to that user. Subject to this, Tribu may retain the IP address of the end device from which the user accesses the Site.

3.12.3. Retention of information about volunteers and volunteer activities: each organization may collect and/or enter any information about its volunteers and/or its volunteer activities. The responsibility for collecting and processing this data is solely on the organization and subject to the provisions of any law. Each organization can view and manage only the information of its volunteers or the information of volunteers who are not affiliated with any organization.

 

4. Information Usage

Tribu may use the information in such a way that it is visible only to Tribu and to those who have received permission on its behalf for the following uses:

4.1. For the ongoing operation of the Site and the organization’s designated area.

4.2. Allow the organization to use various Services on the Site, set volunteer dates, make sure the organizations are suitable for volunteers and vice versa.

4.3. Produce customized volunteer offers.

4.4. Automatically identify users on behalf of the organization.

4.5. Send updates and reminders about volunteers and other Services submitted to the Site by the organization or someone on its behalf.

4.6. Improve the Site usage experience, measure the performance of the Site and improve its content and design.

 

5. The Lawful Basis for Processing Personal Data.

5.1. Consent as written in article 6(1)(a) of the GDPR - For example, when we require consent for the optional cookies we use or for creating accounts; and/or,

5.2. Contractual purposes as described in article 6.1(b) of the GDPR - For example, when registering the Site; and/or,

5.3. To protect vital interests accordingly to article 6(1)(d) of the GDPR and/or article 9.2(c) of the GDPR which allows us to process personal data for safety; and/or,

5.4. For the necessity of legitimate interests accordingly to article 6.1(f) of the GDPR - For example, to maintain the integrity of our IT systems and the continuity of our business.

 

6. Information held by organization managers.

6.1. When a volunteer is assigned to an organization, the personal data that the volunteer submitted in the App is attributed to the organization’s designated area.

6.2. Some of the information presented to the organization personally identify the volunteers, such as full name, address, phone number, email address and volunteer history, and some is not identifiable, such as data and statistics aggregation.

6.3. The organization may retain additional information about volunteers (hereinafter: the "Additional Information") while contacting them directly. It is the responsibility of the organization to define the Additional Information it needs. The organization is responsible for obtaining the consent of the volunteer to process the Additional Information about him, as well as for the quality and reliability of the Additional Information. Tribu is not responsible and will not be responsible for the collection of such Additional Information.

 

7. Providing information to third parties.

7.1. When using the Site, both in relation to this document and to any other relevant conditions applicable between the parties, all users on behalf of the organization will be considered as a related party and not as a third party. It is clarified that those users will openly receive all volunteer information related to their organization unless explicitly stated that this information will not be handed over.

7.2. The organization’s authorizeded users will receive their volunteer’s information related to their volunteering under the same organization, upon their prior consent.

7.3. Non-personally identifiable information and statistical information are not kept confidential and may be transmitted to third parties or used for research needs, service improvement, marketing and more.

7.4. The transfer of identifiable information about the organization's users and/or volunteers to third parties will be possible in the cases listed below:

With the consent and approval of the organization or volunteer.

7.4.2. In case Tribu transferred and/or altered its activities and/or rights and obligations to a third party, provided that the said third party accepts the instructions specified in this document.

7.4.3. In any case the organization or volunteer has violated the terms of the Privacy Policy and/or Terms of Use and/or in cases where the organization or volunteer, or anyone acting on its behalf, has executed or attempted to execute, through the Site and/or in connection with it, actions contrary to the provisions of such terms of use and/or the provisions of any law.

7.4.4. For external processing and provision of services, Tribu provides information to entities affiliated with it and other entities with which it cooperates and trusts (such as AWS which provides the company with cloud hosting services in the EU) following the law, Tribu Privacy Policy and all appropriate means of confidentiality and security.

7.5. Tribu may transfer the information to law enforcement authorities in the cases listed below:

7.5.1. Due to any dispute, claim, demand and/or legal proceedings that will be conducted between the organization and/or anyone on its behalf and Tribu and/or anyone acting on its behalf.

7.5.2. If the organization perform actions on the site that are against the law or contrary to this document.

7.5.3. If a judicial order is obtained instructing us to provide information.

7.5.4. If Tribu considers, at its best discretion, that the disclosure of said information is necessary to reduce the damage of any kind caused to the Site, and/or to any other third party.

7.5.5. In any event that Tribu considers, at its sole discretion, that the disclosure of the information is necessary to prevent serious damage to the property of Tribu, the property and/or body of the user and/or third parties and/or to prevent other serious damage.

 

8. Permissions to the Site

8. 1. Tribu will set up one account for the organization and at its request, the account will be used by the organization manager.

8.2. There are three (3) types of permissions on the Site:

8.2.1. Organization Manager - with the highest permission, serves as the Site manager for the organization (Admin). The organization manager may define additional users for his organization as organization managers / group managers / volunteer managers.

8.2.2. Group Manager - Every organization has groups of volunteers. The group manager is responsible for the volunteering managed in that group and for the volunteering’s managers. The group manager may access the details of all the volunteers associated with his group.

8.2.3. Volunteering Manager - with the lowest permission. The volunteering manager is responsible for a specific volunteering activity and has access to all the volunteer data under that activity.

 

9. Uploading content.

9.1. The site may include volunteering offers, whether from Tribu or other volunteering entities. Tribu is not responsible for proposals published by others, its content and/or existence.

9.2. As part of the volunteering activity, the organization may upload photos to the Site, provided that the organization has rights in the photos or has received the consent of the person being photographed, before uploading the photo.

9.3. The manager may delete the content uploaded to the Site by a person on his behalf and/or by volunteers associated with his organization. Content uploaded from outside the Site is the sole responsibility of the user who uploaded it.

9.4. An organization manager / volunteering manager / group manager may upload posts, comment on them, chat and more.

9.5. Tribu is not responsible for content uploaded to the Site.

 

10. Databases and privacy protection low

10.1. An organization that uses the Services, including the management of volunteers and volunteering activities, is required to legally register a database with the Registrar of Databases as the Data Owner/Controller and Tribu as the Data Holder/Processor, under the provisions of the Privacy Protection Act. The organization and Tribu will use the information for the purposes defined in this document and under the provisions of any law and obligations applicable to both parties under any law, including privacy protection laws.

10.2. Without limitation the generality of the foregoing, the organization is obligated to:

10.2.1. Comply with the provisions of the law regarding the processing and transfer of personal information and data as part of the management of volunteers and volunteering activities, during and/or in connection with the use of the Services, including personal information of and/or in connection with the volunteer, including complying with the provisions of the Privacy Protection Act, its regulation and in particular Data Security Regulations, relevant guidelines of the Database Registrar, and all as will be updated from time to time.

10.2.2. Comply with the provisions of the law regarding the processing and transfer of personal information and data as part of the management of volunteers from abroad and volunteering activities, in particular from the European Union and, as applicable, during and/or in connection with the use of the Services, including personal information of and/or in connection with the volunteer, including comply with the provisions of the European Data Protection Regulations (GDPR) and/or any other relevant privacy protection laws applicable in the country of the organization and/or the volunteer.

10.2.3. Use the information for the purposes of the database in a manner that does not infringe on the rights of the volunteers.

10.2.4. Grant data subjects their rights under the law, including the right to review and correct their information.

10.2.4.1. According to the Privacy Protection Act, every person is entitled to review by himself, or by his authorized representative in writing or by a guardian, the information held on him in a database. A person who has reviewed the information about him and found that it is incorrect, incomplete, unclear, or out of date, may contact the owner of the database with a request to correct the information or delete it. If we have such information that needed to be updated, changed, or deleted, please contact us via email.

10.2.4.2. The organization as the Data Owner of a database is responsible for handling such requests in accordance with the law. Tribu as the Data Holder will assist the organization, as required, to fulfill the requests. Also, if such requests are submitted directly to Tribu, it would forward them directly to the relevant organization for further processing.

10.2.5. Lawfully collect and process the information and obtain all the approvals and agreements required by any law to transfer the information to Tribu for processing in its systems and/or third-party systems operating on its behalf in Israel and/or abroad, and that the information transfer to Tribu and the use by it and/or third parties on its behalf do not infringe the privacy and/or other rights of data subjects.

10.2.6. To bear full responsibility towards Tribu, and to compensate and/or indemnify Tribu, with its first claim for any damage, loss, loss, expense, demand and/or claim and/or lawsuit that any third party will have in connection with the provisions of this section.

10.2.7. The organization, as the Data Owner, may ask Tribu via email, to delete any information held in its systems and defined under the details of its database. Tribu will delete the information, at most, within 30 days of receiving the request.

11. GDPR

11.1. To the extent that the provisions of the GDPR apply to the organization, the organization will be defined as a Data Controller and Tribu will be defined as a Data Processor.

11.2. Data Controller means a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

11.3. Data Processor means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Data Controller.

11.4. The organization will define for Tribu any additional requirements and provisions for compliance with the provisions of the GDPR in a written agreement. Tribu will implement any relevant commitment to it as a Data Processor under the GDPR and will process the personal information by the provisions of the law and this agreement. To the extent that Tribu believes that the provisions of the agreement conflict with the GDPR, it will inform the organization accordingly.

11.5. The organization must grant the data subjects the rights conferred on them by the GDPR and inform them of these rights, including but not limited to, the right to be forgotten, the right to amend personal information, the right to object to processing immediately, the right to complaint, etc.

11.6. In the event of the retention of Additional Information from minors under the age of 16 or 13 (by the laws of the relevant state), the organization will also add the details of the minor's parent / guardian.

11.7. The organization will respond to inquiries from data subjects or regulatory authorities regarding the processing of personal information and will notify Tribu in writing of such inquiries related to the processing of the information carried out by it, all under the provisions of any law. Tribu will respond to these inquiries following the organization's guidelines unless required to comply with its legal obligations, dispute resolution and/or enforcement of its rights or agreement.

11.8. For additional information on data subject’s rights according to GDPR please visit: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/

 

12. Information security

12.1. Tribu is implements and maintains appropriate technical and organizational security measures and invests a great deal of effort in securing the Site and the user’s personal information (whether by Tribu or by third parties who are authorized service providers). 

12.2. The information is stored on a third party’s secure servers which provide Tribu with cloud services (AWS in the EU). We are implementing security policies and procedures as is customary in the industry to assure the security of our user’s information and to prevent unauthorized use of this information. While these systems reduce the risks of unauthorized intrusion, they do not provide complete security. If you have concerns about certain information, avoid passing that information over the Internet.

12.3. Tribu will report to the organization on any information security incident that may endanger and/or harm the organization immediately from the moment it becomes aware of the incident. In addition, the organization will notify Tribu of any information security incident that may endanger and/or damage Tribu immediately from the moment it becomes aware of the incident.

23.4. Log in to the Site will be done through a personal username and password and a physical means under the user’s sole control as decided by Tribu.

12.5. The user must set a password for its account following the password policy detailed below:

12.5.1. Password must contain at least 8 characters.

12.5.2. The password will be complex and will combine a small letter and a capital letter in English and digits.

12.5.3. The password will be changed once every 180 days.

12.5.4. Do not repeat previous passwords (at least 5).

12.6. Session Time Out - After 60 minutes of inactivity or after 8 hours of continuous activity on the Site, the user’s account will be locked, and a new identification will be required.

12.7. After9 5 failed access attempts, the account will be blocked. The account will be opened by the organization manager.

12.8. It is the organization’s responsibility to implement basic security measures for the device used to login into the Site to protect its and its volunteer’s personal information, according to our recommendations as follow:

12.8.1. Ensure the implementation of security measures the devices:

* Define a screen saver after 20 minutes of inactivity.

* Install Anti-Virus / Anti-Malware.

* Implement security updates according to the manufacturer’s instructions.

12.8.2. Keep the confidentiality of the passwords and do not disclose them to anyone.

12.9. Export content from the Site:

12.9.1. There is an option for the organization’s users to export reports and data from the Site to the organization’s workstations.

12.9.2. Exporting the reports and data from the Site will be the sole responsibility of the user. Please note that such data contain sensitive information about volunteers under the Privacy Protection Act and its transmission to anyone who is not allowed to be exposed to it and/or keeping it in violation of the provisions of the law, constitutes a violation of the law.

12.9.3. The organization is requested to take security measures in its workstations to keep the information that may be kept with it.

 

13. Cookie Policy

13.1. Like many websites, we use cookies and various analytical tools for the day-to-da9y and proper operation of the Site. This includes collecting statistical data about the use of the Site, verifying data, adjusting the Site to personal preferences, maintaining information security, etc.

13.2. Cookies are text files that are created by your device according to the Company’s instructions or on its behalf. Some are temporary and some are permanent.

13.3. When visiting the Site, you will be notified of the use of and placement of cookies and other similar technologies on your device as specified herein.

13.4. The specific names and types of the cookies, web beacons, and other similar technologies we use may change from time to time. However, the cookies we use generally fall into one of the following categories:

13.4.1. Necessary cookies - These cookies are necessary to allow the Site to work correctly. They enable you to access the Site, move around, and access different Services, features, and tools. Examples include remembering previous actions (e.g., entered text) when navigating back to a page in the same session. These cookies cannot be disabled.

 

 

13.4.2. Cookies for better functionality - These cookies remember your settings and preferences and the choices you make (such as language or regional preferences) to help us personalize your experience and offer you enhanced functionality and content.

 

 

13.4.3. Analytics and performance cookies - These cookies collect information regarding your activity on our Site to help us learn more about which features are popular with our users and how our Site and Services can be improved. It can also help us understand how you use our Site, for example, whether you have viewed messages or specific pages and how long you spent on each page. This helps us improve the performance of our Site and Services.

 

 

 

13.4.4. Advertising cookies - These cookies are placed to deliver content, including ads relevant and meaningful to you and your interests. They may also be used to deliver targeted advertising or to limit the number of times you see an advertisement. This can help us track how efficient advertising campaigns are, both for our Services and other websites. Such cookies may track your browsing habits and activity when visiting our Site and Services and those of third parties.

 

 

13.4.5. Email cookies - Cookies may be placed in messages we send to track your interaction with such emails.

13.5. How to adjust your preferences. Most browsers are initially configured to accept cookies, but you can change this setting so your browser either refuses all cookies or informs you when a cookie is being sent. In addition, you are free to delete any existing cookies at any time. If you do so, please note that some features of the Services may not function properly when cookies are disabled or removed. For example, if you delete cookies that store your account information or preferences, you will be required to input these each time you visit. Although we do our best to honour the privacy preferences of our users, we are unable to respond to do not track signals set by your browser at this time.

 

14. Miscellaneous

14.1. The intellectual property rights on the site are owned by Tribu only. Except for the use of the Site’s Services, no use may be made of it including copied, modified, distributed, allowed to others, or used commercially.

14.2. All rights in all information accumulated in the designated area shall be of the organization.

14.3. It is known and agreed upon by the organization that any material and/or information and/or software downloaded or obtained in any way using the Site, is the sole responsibility of the organization and that the organization is responsible for any damage caused to its workstations and/or any loss of information and/or such software.

14.4. The license to use the Site is given for a full year from the date of opening the account and will be extended by the agreements between the organization and Tribu or automatically, as the case may be.

 

15. Changes to the Privacy Policy

15.1. Tribu reserves the right to change this document at any time and at its sole discretion.

15.2. Tribu will provide prior notice of the new terms at least 45 days before coming into effect. The continued use of the Site, after the entry into effect of these amendments, constitutes the organization's consent to the amended conditions.

15.3. To the extent that this document is amended to comply with any legal requirement, the amendments may take effect immediately, or as required by law.

 

16. Contact us.

You may contact us with any question, request, or concern via email at: office@we-tribu.com.