Rapac Privacy Statement

At the Rapac Group, we take the protection of information with the utmost seriousness; privacy, data security, and cyber-security constitute the very core of our operations. This Privacy Statement (hereinafter: the “Privacy Statement”) outlines the fundamental principles and primary procedures we employ to ensure your privacy is respected while using our services.

Rapac (hereinafter: “We”) processes the personal information of users of Rapac services for ordering retail products via the application and/or website, as well as users of Rapac’s other products and services, and visitors to the website https://www.Rapac.Co.il.

1. Key Definitions

• “Rapac Services”: Refers collectively to the Rapac website, application, and all other services provided by Rapac to its users.
• “User” or “You”: Refers collectively to our customers, the customers of our group companies, users of various Rapac services, representatives and other authorized users of our corporate clients, and potential customers or users of Rapac services.

2. Scope and Updates

• This Privacy Statement explains the types of personal information we process, our processing methods, and how you may exercise your rights as a data subject (e.g., the right to object or the right of access).
• Certain services may be subject to a separate privacy policy, which will be published in connection with that specific service.
• We may update this statement periodically to reflect changes in our processing practices or other circumstances.
• The most current version is available on our website.
• We will not make material changes or diminish user rights under this statement without providing prior notice.
• In the event of a conflict between the Hebrew version of this statement and versions in other languages, the Hebrew terms shall prevail regarding services provided within Israel.

---

Data Controllers and Contact Information

Data Control

• Rapac is the controller of your personal information, determining the purposes and means of its processing.
• Rapac also provides services to other companies (e.g., Intergamma, Del-Ta, Rapac Renewable Energies).
• In such instances, Rapac acts as a Data Processor on behalf of the controller regarding processing services related to receiving, managing, and completing deliveries, as well as messaging and delivery confirmation.
• For services involving software like “Priority,” Rapac and the relevant company may both act as Joint Controllers regarding processing activities related to order execution, payment processing, and communication management.

Contact Details

• Entity: Rapac Communication and Infrastructure Ltd.
• Company Number: 520029505.
• Mailing Address: 6 Meir Ariel, Intergamma Building, Netanya.
• Email: [email protected].
• Data Protection Officer (DPO): You may contact our DPO at the address above or via email at [email protected] or [email protected].

---

Personal Data Processed and Sources

We process personal information only to the extent required and appropriate for specific processing purposes, categorized into User Data and Usage Data.

User Data

User Data is personal information collected directly from you or from the corporate client on whose behalf you use Rapac services.

Essential Data for Service Provision:

• Registration: Full name, phone number, and email address.
• Payment: Payment method number, expiration date, and security code (CVV) required for ordering products.
• Compliance (KYC/AML/ATF): Where required by law, we may collect date of birth, bank account details, identification documents, passport photos, “selfie” photos, political affiliation information, and residential address.
• Transaction Records: We collect details of all transactions and payments, including information from local credit card companies regarding transactions paid for (or attempted) using “10bis” branded credit cards.

Voluntary Data Provided During Use:

• Profile: Photos, delivery addresses, and location data (subject to your consent).
• Preferences: Loyalty program details, favorite branches/service centers, and marketing preferences.
• Interactions: Information provided via phone, email, or chat (including call recordings with customer service) and data related to privacy rights requests.
• Restricted Products: Age verification and identification documents (e.g., ID photos, selfies) where required by law for purchasing age-restricted items.

Usage Data

Usage Data is derived from your interaction with Rapac services. While typically not used to identify individuals, it may be considered personal information when combined with User Data.

• Device Info: Device/browser type, version, features, and settings.
• Connectivity: ISP, connection type, and IP address.
• Location: Country, region, time zone, and Geo-IP level location.
• Interaction: Clickstream data (how you reached our services), application usage patterns, and ad interactions.

---

Cookies and Tracking Technologies

We utilize cookies, SDKs, and web/app telemetry for several purposes.

• Strictly Necessary: Required for service functionality; these are always active.
• Functional: Used to perform important service functions.
• Analytical: Helps us understand platform usage and optimize performance.
• Marketing/Advertising: We share data (such as email or advertising IDs) with marketing partners to present personalized offers on third-party platforms.

Management: You can manage preferences via the link in the website footer, app settings, or browser configuration.

---

Purposes and Legal Basis for Processing

We process data based on several legal grounds:

1. Contractual Necessity: To provide services, manage orders, process payments/refunds, and communicate about terms or service changes.
2. Legitimate Interest: For debt collection, legal defense, fraud prevention, service improvement, and marketing (balanced against your privacy rights).
3. Legal Obligation: For bookkeeping, tax reporting, age verification, and KYC compliance.
4. Consent: For precise location tracking and personalized direct marketing.

Note for Israeli Users: By accessing Rapac services, you consent to the collection, processing, and transfer of your data as described, including transfers to countries with different privacy protection levels. Providing information is voluntary, but refusal may limit our ability to provide services.

---

Data Recipients and International Transfers

Sharing with Third Parties

• Internal: Within the Rapac organization as reasonably necessary.
• Service Providers: Authorized providers for data storage, analytics, marketing, and payment processing.
• Partners: We share necessary details (name, address, phone) with merchants and delivery partners to fulfill your orders.
• Legal/Safety: When required by law, court order, or to prevent fraud and protect Rapac’s safety and interests.
• Business Transfers: In the event of a merger or acquisition, data may be shared with the involved third parties.

International Transfers

Rapac primarily stores data within the European Economic Area (EEA). However, our providers may process data in other countries. We ensure an adequate level of protection through Standard Contractual Clauses or other appropriate safeguards.

---

Your Rights and Data Security

Your Rights

Depending on your residency, you may have the right to:

• Access: Request a copy of your processed data.
• Rectification: Correct inaccurate or incomplete information.
• Erasure (“Right to be Forgotten”): Request deletion, subject to legal retention requirements.
• Withdraw Consent: Revoke consent for processing at any time.
• Objection/Restriction: Oppose certain uses or limit processing during disputes.
• Data Portability: Receive your data in a structured, commonly used format.

Data Security

We employ administrative, technical, and physical safeguards, including encryption, pseudonymization, and firewalls, to ensure the confidentiality and integrity of your data. Access is strictly limited to employees whose tasks require it.