Protection of Privacy Policy

The Open University of Israel (hereinafter: “the University”) is under the obligation to protect and adhere to regulations governing privacy and the protection of personal information and the management of the information, as this term is defined below, held by the University in accordance with the Protection of Privacy Law 5741 - 1981 and its regulations. Additionally, the University must comply with other applicable statutory provisions and international regulations concerning privacy protection, such as the European Union’s General Data Protection Regulation (GDPR), in circumstances where these statutory provisions and/or rules apply to the University.

Expand All

Introduction

Aim
The aim of a privacy protection policy document is to detail the main points of the privacy protection policy implemented by the University and the rights of the data subjects (students, alumni, people interested in studies, the University’s employees, suppliers, service providers, visitors, and other data subjects) in accordance with the provisions of any law.

Definitions and General Concepts
1. “The Protection of Privacy Law” – the Protection of Privacy Law 5741 - 1981, and the regulations pursuant to it.
2. “Personal or sensitive information” – as defined in the Protection of Privacy Law or the EU Protection of Privacy Regulations: Any information about a natural [JV1] person who is identified or identifiable directly or indirectly, relating, among other matters, to details of the person’s name, address, contact information, identity number, credit card number, location data including their online location, their physical, physiological, genetic, mental, economic, cultural, and social information, as the case may be, and any information about a person’s private life, medical and mental condition, their political opinions and religious beliefs, and their sexual orientation, actions or habits.
3. “Data subject” – the person to whom the information relates.
4. “Processing information” – any activity carried out with the information, whether by automatic or other means, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, disclosure, transmission, distribution, combination, restriction, erasure, and destruction of the information.
5. “GDPR (General Data Protection Regulation)”- the European Union's privacy protection regulations (May 2018): Mandatory provisions regulated by the European Parliament, the Council of the European Union and the European Commission in order to protect data subjects in the territory of the EU with regard to processing personal data of the Union's citizens.
6. “Protection of Privacy Regulations” – Protection of Privacy Regulations (Data Security) 5717 - 2017.)

Interpretation
In a case where it is necessary to interpret any of the terms in this document, they will be interpreted in accordance with the provisions of the Protection of Privacy Law or the EU's privacy protection regulations, as the case may be.

The Owner of the Information and the Data Protection Officer

The Data Protection Officer
For the purposes of privacy protection, including for the purposes of privacy protection according to the EU's privacy protection regulations, the University has appointed a Data Protection Officer (DPO). Part of the DPO’s role is to act to implement the privacy protection provisions and ensure that the University complies with these rules, in coordination with the University’s legal advisor.
The DPO will also serve as the corporate address for inquiries on privacy protection issues. Here are the details of the University’s Data Protection Officer: ravidmo@openu.ac.il

Principles of Privacy Protection

The purposes of information processing
The information collected and processed by the University is used by it for one or more of these purposes:
1. Managing academic and administrative information and maintaining contact with people inquiring about studies, candidates for studies, the students and pupils who study in the University and its alumni.
2. Research – for carrying out scientific or historical research, collecting statistical data, including for archival purposes. Sometimes when collecting information for the purpose of scientific research, it is impossible to know beforehand all the purposes for which the information will be used. Therefore, consent can be given for certain parts or areas of research, where it is consistent with recognized ethical standards.
3. Managing human resources and the personnel employed by the University, including accepting candidates for employment.
4. Managing the University’s procurement system, including contact with external suppliers.
5. Maintaining public order and security, subject to the provisions of any law.

The Data Subject's Rights

Data subjects may request to review the information about themselves and amend incorrect information. Data subjects may also request that information about them used for direct mailing be deleted from the database or that it not be transferred to third parties. The request will be dealt with, subject to the terms and restrictions determined by law and by the University’s procedures.
Please contact the Freedom of Information officer by email with any inquiry or request related to reviewing information: foia@openu.ac.il

Please contact the DPO by email with any inquiry or request related to the data subject's rights: ravidmo@openu.ac.il

Responsibility and Mechanisms for Implementing the Principles

Security and monitoring
The University makes use of a variety of technological and other measures for security and monitoring for the purposes detailed in the University’s procedures, including the information security policy and proper use of information resources. The measures for security and monitoring will be conducted in a manner that maintains the privacy of the data subject, subject to the provisions of the law.

Cookies and other technologies
The University uses various cookies that are necessary to operate the website, for statistical purposes and to save the user’s preferences. It may also use essentially similar technologies for the ongoing operation of the website. The user can and may adapt the browser to enable or disenable cookies.

Cameras
As a rule, the use of cameras on the various campuses for security, teaching, research, and work purposes will take place in accordance with the provisions of the law and adhering to the principles of privacy protection and the University’s procedures.

Transfer of information
The transfer of information between organizations, when necessary, will take place while ensuring the protection of privacy. The transfer of information to any third parties whatsoever in Israel or abroad will occur only in the following cases:
The transfer of information corresponds to the aim for which the information was given.
The data subject has agreed to the transfer of the information.
The transfer of information is carried out according to a judicial order, or according to a mandatory requirement of an official authority, subject to the provisions of the law.
The transfer of information is in accordance with the provisions of the law regarding the transfer of information between public bodies.
Reliable third parties that assist us in the operation of our services, managing our ongoing activity or giving service to the data subject, subject to undertaking to maintain confidentiality.

Direct mailing
The University may, from time to time, send advertising and marketing information connected to the University or its services. This information will be sent in accordance with the law and, in any case, consent can always be cancelled so that no further messages are received.

Confidentiality
Every University employee or service provider with access to information will sign a confidentiality agreement that relates to maintaining the confidentiality of information and limiting its use solely to within the scope of their duties.

Protection of information and responsibility
The University, the database holders, and the administrators of the databases in the University are obliged to maintain the security of the information in accordance with the level of security required by law for that database, and with the University’s information security procedures and the contracts to which they are subject.
We implement measures to reduce the risks of damage, loss of information, and unauthorized access or use of the information including policy rules for employees and users of the university’s information resources.

Changes to the policy
The University may change the provisions of this policy from time to time. If any changes are made to this policy, the University will keep the users informed by publishing the current policy on its website or in any other way for the information of the users.