This Privacy Policy (hereinafter: the “Privacy Policy”) applies to the manner in which we, the Bloomfield Science Museum Jerusalem (hereinafter: the “Museum”, “we”, “us” or “our”), use personal information (as defined below) collected, received or maintained by us about individuals in connection with the use of the website: https://mada.org.il/ (including its subdomains and their content (hereinafter: the “Website”)).
The Museum is an institution for non-formal education. The Museum presents science as an integral part of modern culture and connects it to everyday phenomena through exhibitions on various topics with interactive exhibits and diverse activities. The Museum’s website serves as a platform for presenting content about the Museum as well as a platform for learning various scientific content.
1. Introduction. This Privacy Policy is implemented because we recognize the importance of privacy. This Privacy Policy details how personal information collected by the Museum during your visit to the Website will be managed, and the choices you can make regarding how such information is collected. “Personal Information” means any information that may be used, alone or together with other information, to personally identify an individual, including, without limitation, first and last name, email address, telephone number, IP address and other contact details.
2. Terms of Use. This Privacy Policy forms part of the Website’s Terms of Use, published at: https://mada.org.il/ (the “Terms of Use”). Any defined term not defined in this Privacy Policy shall be interpreted in accordance with the Terms of Use.
3. Consent and Changes. You are not legally obligated to provide us with Personal Information; however, we may not be able to provide you with services without such information. You hereby confirm that providing your Personal Information is done of your own free will. By using the Website, you agree to the terms of our Privacy Policy and to any collection, processing and sharing of Personal Information for the purposes detailed below. If you do not agree to this Privacy Policy, please do not access or use our Website. We reserve the right, at our sole discretion, to change this Privacy Policy at any time. This Privacy Policy is written in the masculine form for convenience only; however, it refers to all genders equally.
4. Types of Personal Information We Collect and How We Collect It. At present, we do not require you to provide Personal Information in order to access the general information available on the Website and the system. However, we receive and/or collect Personal Information from you in the following ways:
4.1. Contact Details. If you contact us by submitting an online form made available to you, or by sending an email to an address displayed on the Website, or through any other means within the Website and/or the system, you may be required to provide certain information such as your name, email address, telephone number, and the content of your inquiry, in order for us to handle your request.
4.2. Log Files. We may use log files. The information in log files includes IP address, browser type, date/time stamp, referring/exit pages, filtering actions, clicks, and any other information that may be transmitted to us by your browser. We may use such information to analyze trends, administer the Website and the system, track users’ movement on the Website and the system, and collect demographic information.
4.3. Cookies and Other Tracking Technologies. As part of the services, we may use “cookies”, anonymous identifiers and other tracking technologies for information security purposes, and in order to provide our services, present you with personalized information, and improve the user experience. A cookie is a small text file used, for example, to collect information about activity on the Website and the system, store user preferences and enable authentication. Certain cookies and other technologies may be used to retrieve Personal Information, such as an IP address.
Some cookies are operated by third parties, and information collected through them may be transferred to such parties. The ability of such third parties to use the information, including in an identifiable manner, depends on whether you have registered for their services and agreed to their privacy terms. For example, “Meta” may use its cookies to present you with tailored advertisements on the “Facebook” network if you have enabled it to do so.
Most browsers allow control over cookies, including whether to accept them and how to remove them. Most browsers can be configured to notify you when you receive a cookie, or you may choose to block cookies via your browser.
4.4. Mobile Device Data. We may collect limited information from your device for operational purposes. Such information may include device type, device ID, timestamps of Website and system usage, browser type, browser language, date and time of your request and the requested URL. We may also use location-based technology to help us collect aggregated statistical data; however, we will not use Personal Information that can identify you for these purposes.
4.5. Google Analytics and Other Analytical Tools. The Website may use a tool called “Google Analytics” to collect information about use of the Website. Google Analytics collects information such as how often users visit the Website, which pages they visit, and which websites they used prior to accessing the Website. We use the information obtained from Google Analytics to maintain and improve the Website and our products. We do not combine information collected through Google Analytics with personally identifiable information. Google’s ability to use and share information collected by Google Analytics about your visits to and use of the Website is restricted by the Google Analytics Terms of Service available at http://www.google.com/analytics/terms/us.html and the Google Privacy Policy available at http://www.google.com/policies/privacy/. You can learn more about how Google collects and processes data in connection with Google Analytics at http://www.google.com/policies/privacy/partners/. You can prevent Google Analytics from using your data by downloading and installing the Google Analytics Opt-out Browser Add-on available at https://tools.google.com/dlpage/gaoptout.
4.6 Meta Pixel. The Meta Pixel is a tool that helps track user actions on the Website and is used for tailoring advertising on media networks, including Facebook and other platforms operated by Meta. We use the information obtained from the pixel to maintain and improve the Website. We do not combine the information collected through the tool with personally identifiable information. However, if you have permitted Meta to do so, it may be able to identify you and use the information in accordance with its privacy policy: https://www.facebook.com/privacy/policy. You can prevent such linkage by adjusting your preferences on Meta platforms, for example here: https://www.facebook.com/off_facebook_activity.
5. Purposes of Data Collection. We may use Personal Information collected by us as described above in the following ways:
5.1. To provide you with services.
5.2. To contact you, including when you express interest in the Museum’s services.
5.3. To improve the Website, the system and the Museum’s performance, in accordance with its purposes.
5.4. To handle your requests of any kind and respond to inquiries and complaints.
5.5. To ensure information security on the Website and the system and comply with legal requirements.
5.6. For the purpose of defending against legal proceedings.
5.7. To send updates and notifications regarding the services we provide, to which you have subscribed, including via email or SMS to your mobile device.
6. Ticket Purchases
We use the services of “SmartTicket” (hereinafter: the “Ticket Company”) to operate the Website for ticket purchases. Accordingly, if you choose to purchase tickets through the Website, you will be redirected to the Ticket Company’s website, which is external to the Museum’s Website (https://mada.smarticket.co.il/?_ga=2.214069969.751138409.1669040161-2093896593.1668325277). The manner in which Personal Information is collected is subject to the Ticket Company’s Privacy Policy at (https://www.smarticket.co.il/%D7%9E%D7%93%D7%99%D7%A0%D7%99%D7%95%D7%AA_%D7%A4%D7%A8%D7%98%D7%99%D7%95%D7%AA). The Museum has ensured, in its engagement with the Ticket Company, that your privacy is protected in a manner consistent with the standards upheld by the Museum and applicable privacy laws.
7. Sharing of Personal Information
Except as stated above, we will not transfer the information you provide to third parties, except in the following cases:
7.1. To our service providers, who assist the Museum in its operations, including cloud service providers engaged to perform services on behalf of the Museum;
7.2. In the event you violate the Terms of Use or this Privacy Policy, or if you perform through the Website actions that appear to be unlawful, or attempt to perform such actions;
7.3. In the event of any dispute, claim, demand or legal proceedings, if any, between you and the Museum;
7.4. In any case where the Museum believes that disclosure of the information is necessary to prevent bodily harm or damage to property (to you or to a third party), or in connection with an investigation of suspected illegal activity;
7.5. Where the Museum is required by law to transfer your personal details and information collected about your activity on the Website to third parties, including if the Museum receives a judicial order instructing it to provide your details or information about you to a third party, or in response to a request from a law enforcement authority or other governmental or public authority.
In certain cases, third parties to whom the information is transferred as described above may be located outside of Israel, including in the United States. You hereby consent that information relating to you will be transferred and stored outside the borders of the State, in accordance with applicable law and for the purposes set forth above.
8. Data Security. The Museum implements systems and procedures for data security on the Website. While these systems and procedures reduce the risks of unauthorized access to the Museum’s computers, they do not provide absolute security. Therefore, although we strive to use accepted and reasonable measures to protect your Personal Information, the Museum does not guarantee that the Website will be completely immune from unauthorized access to the information stored therein. If you have any questions regarding security of the service or confidentiality, you may contact us at: it@mada.org.il
9. Opt-Out. You may choose not to receive email messages from us by clicking the unsubscribe link in accordance with legal requirements.
10. Children’s Privacy. As a rule, the Museum does not intend to collect Personal Information about children under the age of 18. Where such Personal Information is collected (for example, when children’s images are published on the Website), it is subject to the explicit consent of the child’s parent or legal guardian. If you choose to provide Personal Information about your child (for example, by submitting a question on the Website), you do so at your sole discretion and will be deemed to have expressly consented to the collection of such information.
11. Your Rights and Protection of Your Privacy. We respect your right to privacy and aim to retain only necessary, accurate and up-to-date information. It is important for us that you know that you are entitled to review the information about you held by us, and if you find that such information is incorrect, incomplete, unclear or outdated, you may contact us with a detailed request to correct or delete such information, in accordance with the Privacy Protection Law, 5741–1981, and regulations enacted thereunder. You are invited to contact us regarding this matter and any questions relating to your privacy by sending an email to: ronybc@mada.org.il
12. Governing Law and Jurisdiction. This Privacy Policy shall be governed exclusively by the laws of the State of Israel, and the courts of Jerusalem shall have exclusive jurisdiction over any claim relating to this Privacy Policy. If it is determined in a final and binding judgment or decision that any part of this Privacy Policy is invalid, only that part shall be void and all other parts shall remain in full force and effect and continue to bind you. You agree that this Privacy Policy shall be given the broadest possible interpretation and application in order to uphold it or any part thereof.
Last updated: April 2023.
We do not knowingly collect data from children under 18 without parental consent.
You may review, correct, or request deletion of your data under applicable law by contacting: ronybc@mada.org.il
This Privacy Policy is governed exclusively by the laws of the State of Israel. Jurisdiction lies exclusively with the courts in Jerusalem.
Last updated: April 2023
Bloomfield Science Museum Jerusalem
1. Introduction and Purpose
1.1 The purpose of this document is to outline the main principles of the privacy protection policy implemented at the Museum and the rights granted to the data subject. In certain cases, multiple procedures or policies may apply. For example, a user of the Museum’s website will also be subject to the Website’s Privacy Policy.
1.2 The Bloomfield Science Museum Jerusalem (hereinafter: the “Museum”) is committed to protecting the privacy of its employees, service providers, visitors, and other data subjects, and to managing the information it holds in accordance with all applicable laws, in particular the Protection of Privacy Law, 5741–1981, and the regulations enacted thereunder, the terms of this policy, and other relevant procedures.
1.3 The Museum will strive to promote principles of transparency and cooperation within the Museum and with external parties in all matters relating to its activities and the activities of its employees in the field of privacy protection.
2. Definitions
2.1 Information Security and Cybersecurity (hereinafter: “Information Security”): the set of actions and measures implemented by the Museum, intended to protect the confidentiality, integrity, and availability of information resources, as well as the privacy of users of such resources.
2.2 The Museum’s Information Resources (hereinafter: “Information Resources”):
2.2.1 Computing Resources: any hardware, embedded devices, equipment, software, infrastructure, networks, and computing systems of any kind belonging to the Museum and/or related to its operations, including those provided via external suppliers and cloud services.
2.2.2 Museum Information: any type of information, including intellectual property and personal information, owned by the Museum and/or stored, processed, or generated within the Museum, including in systems owned or used by the Museum and/or by external providers, including cloud services.
Hereinafter together: “Information Resources”.
2.3 Information Security Manager: the person responsible for and authorized to protect the Museum’s Information Resources.
2.4 “Protection of Privacy Law” – the Protection of Privacy Law, 5741–1981, and the regulations enacted thereunder.
2.5 “Information” or “Personal Information” – data concerning a person’s personality, personal status, privacy, health condition, financial status, professional qualifications, opinions, and beliefs.
2.6 “Data Subject” – the individual to whom the information relates.
3. Privacy Protection Officer
For the purpose of protecting privacy, the Museum has appointed a “Privacy Protection Officer” (the “Officer”), who is responsible, among other things, for implementing privacy protection provisions at the Museum in accordance with applicable laws. The Officer will also serve as the organizational contact for receiving inquiries on privacy matters and will report, where necessary, to the relevant privacy protection authorities. The Officer will operate on all matters with legal aspects in coordination with the University’s legal department.
4. Personal Information
The Museum collects, processes, and retains information including, inter alia: personal details, contact details, audio or video recordings, and additional information, all in accordance with the purpose of collection, the circumstances, and the law.
5. Purposes of Use of Information
The information collected and processed by the Museum is used for carrying out its tasks, objectives, activities, and functions. Without derogating from the generality of the above, these purposes include, inter alia:
5.1 Operation of the Museum
5.2 Coordination of visits and customer bookings
5.3 Provision of the services offered by the Museum
5.4 Marketing
5.5 Human resources management, including salary payments and social benefits
5.6 Customer service operation and control
5.7 Management of procurement and financial systems
5.8 Implementation of safety laws, regulations and procedures, and maintaining public safety and order
5.9 For the purposes described above, the Museum may use various communication means, including email, SMS messages, and social media
6. Cookies and Other Technologies
The Museum uses Cookies and other technologies on its website for service optimization, information security, ongoing operation, and personalization of services. You may disable or modify cookie settings in your browser.
7. Security
The installation, use, and operation of security cameras shall be carried out in accordance with applicable law.
8. Data Transfer
The Museum may transfer information to third parties בארץ ובחו"ל (in Israel and abroad) in any of the following cases:
8.1 The transfer is consistent with the purpose for which the information was provided.
8.2 The data subject has consented to the transfer.
8.3 The transfer is required by a court order or by a binding request of a competent authority in accordance with the law.
8.4 The transfer complies with legal provisions regarding data transfer between public bodies.
8.5 When transferring information to a public body, the Museum will act in accordance with applicable legal requirements.
It is clarified that the Museum will not transfer information to others except as stated in this Privacy Policy.
9. Confidentiality
Any Museum employee or service provider with access to information shall sign a confidentiality agreement regarding the protection of information confidentiality and limiting its use strictly within the scope of their role.
10. Information Protection and Responsibility
10.1 The Museum employs reasonable and accepted technological information security measures in order to protect its Information Resources, in accordance with the type of information and legal requirements. These measures include password protection for systems, periodic password changes, use of two-factor authentication (for Salesforce and SmarTicket systems), and automatic logout after inactivity.
10.2 Every employee and user of the Museum’s Information Resources bears full responsibility to act in accordance with the law, this policy, and information security procedures, including proper use guidelines.
10.2.1 Personal passwords for systems and organizational computers must not be shared with any party.
10.2.2 Information stored in systems must not be used improperly or for non-work-related purposes.
10.3 List of employees with access permissions to systems:
10.3.1 Salesforce – Data Manager, activity coordinators (general sector, Arab sector, business sector), training coordinator, public programs manager, operations manager, accountant [restricted access – museum ticket office]
10.3.2 SmarTicket – Data Manager, ticket office manager, VP Business Development, Museum Director [restricted access – museum ticket office]
10.3.3 Shiklolith – Accountant, payroll accountant
10.3.4 Internal server (manager) – Museum Director, accountant
10.4 Once a year, all access permissions shall be reviewed and access for unauthorized employees shall be removed.
10.5 The Museum’s audit committee will review information security and privacy protection every four years and identify risks requiring attention.
10.6 The Museum maintains ongoing contact with companies hosting its data for updates regarding security incidents.
10.6.1 In the event of a security incident on the Museum’s servers, the IT manager will immediately disconnect all Museum computers from the network until the issue is identified and resolved. If necessary, an external expert company will be engaged.
11. Data Subject Rights
11.1 A data subject may request to review information held about them or request correction of such information. The data subject may also request deletion of information used for direct marketing or that it not be transferred to third parties. Requests will be handled in accordance with the law.
11.2 For any matter related to data subject rights, please contact: privacy@mada.org.il
12. Updates
The Museum may update this policy from time to time. Any changes will be published on the Museum’s website.