Personal Data Processing Policy of VISMOIL

1. General Provisions

1.1. This Personal Data Processing Policy (hereinafter referred to as the Policy) is developed in accordance with the requirements of the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, the Constitution of Israel, international treaties, Israeli legislation, and other regulations related to personal data protection.

1.2. The purpose of this document is to inform data subjects and individuals who process personal data about compliance with the principles of legality, fairness, and security in the processing of personal data, as well as to ensure their protection against unauthorized access, loss, modification, and other forms of unlawful action.

1.3. All processing of personal data is carried out by VISMOIL (hereinafter referred to as the Company or the Operator) on a voluntary basis with the consent of the data subjects, provided on lawful grounds. The Company is committed to protecting the rights of data subjects, ensuring that their data processing does not violate their rights and freedoms.

1.4. The processing of personal data within the Company is carried out to ensure the fulfillment of obligations related to employment relations, civil law contracts, and to comply with the legislation and regulatory acts governing the Company’s activities.

1.5. The Company takes all necessary measures to ensure the protection of personal data and the compliance with the principles of legality and transparency in their processing.

⸻

2. Legal Grounds for Processing Personal Data

2.1. Personal data processing is carried out on the basis of the consent of the data subjects and in the following cases:

• To fulfill obligations under contracts, including labor and civil law contracts.

• To comply with Israeli legislation, international agreements, and internal regulations of the Company.

• To protect the legitimate interests of the Company, including protection against legal risks, compliance with court rulings, and adherence to legal requirements.

⸻

3. Purposes and Methods of Personal Data Processing

3.1. Personal data is processed using both automated and non-automated means (mixed processing), depending on the requirements of specific processing processes.

3.2. Personal data may be transferred within the Company’s internal systems or via information and telecommunications networks to achieve the stated purposes.

3.3. The main purposes of personal data processing:

• Ensuring effective performance of labor duties, as well as assistance in employment, training, and professional development.

• Realization of social benefits and guarantees, ensuring employee safety.

• Provision of services, fulfillment of obligations under civil law contracts, and ensuring compliance with obligations to counterparties.

• Compliance with corporate governance, taxation, and social protection legislation.

• Preparation of reports and fulfillment of obligations to state authorities.

⸻

4. Personal Data Processed and Data Sources

4.1. Personal data may be provided by data subjects personally or through their legal representatives on a voluntary basis.

4.2. In exceptional cases, when necessary to fulfill contractual obligations or in cases prescribed by law, personal data may be obtained from third parties, provided that the data subject’s consent is given.

4.3. The Company commits not to process special categories of personal data (e.g., related to racial or ethnic origin, health status, and political opinions), except in cases prescribed by law.

⸻

5. Data Processing and Storage Periods

5.1. Personal data is processed for the period necessary to achieve the processing purposes or for the duration stipulated by law.

5.2. After the achievement of the processing purpose or the expiration of the retention periods, the data shall be destroyed or anonymized if further processing is not required by law.

⸻

6. Rights of Data Subjects

6.1. A data subject has the right to obtain information about the processing of their personal data.

6.2. If the personal data is incomplete, outdated, or improperly obtained, the data subject has the right to demand its correction, blocking, or destruction.

6.3. The data subject has the right to appeal the actions or inaction of the Operator in court or before the authorized personal data protection authorities.

⸻

7. Transborder Data Transfer

7.1. The Company may transfer personal data outside Israel, including to countries that provide an adequate level of personal data protection.

7.2. Data transfer may be carried out on the basis of the consent of the data subject or in other cases prescribed by law.

⸻

8. Third Parties Processing Personal Data

8.1. The Company may entrust the processing of personal data to third parties under a contract and in compliance with the legal requirements.

8.2. In cases where personal data processing is entrusted to third parties, the responsibility for compliance with the law and the protection of data remains with the Operator.

⸻

9. Measures for Personal Data Protection

9.1. The Company takes all necessary organizational, legal, and technical measures to protect personal data from unauthorized access, loss, modification, and other unlawful actions.

9.2. Protection measures include implementing access control systems, training employees, and monitoring compliance with personal data protection legislation.

⸻

10. Liability for Violations of Personal Data Processing Rules

10.1. Employees of the Company responsible for personal data processing are liable for any violation of established rules, including disciplinary, civil, and criminal liability.

⸻

This document is aimed at ensuring transparency and trust in the processing of personal data, as well as complying with all legal requirements to protect the confidentiality and security of the data of the Company’s clients, employees, and counterparties.