In accordance with the Israeli Privacy Protection Regulations – Amendment No. 13

ISO27001:2022

Privacy and Information Security Policy – mPrest Systems (2003) Ltd.

1. Introduction

Your privacy is important to mPrest Systems (2003) Ltd. (“mPrest”). We collect, process, store, and disclose personal data only as necessary for the purposes described in this Policy. This Policy complies with:

The Israeli Privacy Protection Law, 1981 (including Amendment 13) and the Privacy Protection Regulations (Data Security), 2017.

Applicable international standards, including GDPR, CCPA, ISO/IEC 27001:2022, NIST SP 800-171, and SOC 2.

By accessing this Site or providing information to mPrest, you consent to the practices described in this Policy. If you do not agree, please discontinue using the Site.

2. Scope and Applicability

This Policy applies to mPrest’s website (the “Site”), our digital services, and any personal data processed for marketing, customer engagement, or business operations. If you access third-party links, their own privacy policies apply.

3. Categories of Personal Data Collected

mPrest may collect the following personal data:

Contact details: name, email address, phone number, organization, job title.

Information provided by you: when downloading marketing materials, registering for events, or filling “Contact Us” forms.

Technical data: IP address, browser type, operating system, cookies, site usage statistics.

Third-party data: marketing registries lawfully provided by third parties.

mPrest does not knowingly collect sensitive data unless strictly required by law or business necessity.

4. Purpose of Processing

We process personal data for:

Contacting customers and potential customers.

Marketing products and services (including email campaigns).

Handling feedback and support requests.

Providing requested information and improving user experience.

Securing our systems, preventing misuse, and ensuring compliance with legal and contractual requirements.

5. Legal Basis

Processing is carried out in accordance with applicable laws, including Israeli law (Privacy Protection Law, Amendment 13), GDPR (legitimate interest or consent, where applicable), and CCPA (service provider obligations).

6. Information Security Measures

mPrest applies technical and organizational controls in line with Israeli regulations and ISO 27001, including:

Role-based access controls and least-privilege authorization.

Encryption of sensitive data in transit and at rest.

Monitoring, logging, and auditing of system activity.

Periodic vulnerability assessments and penetration testing.

Employee awareness and security training.

Business continuity and disaster recovery planning.

7. Data Retention

Personal data will be retained only as long as necessary for the purposes described, or as required by law. Data that is no longer required will be securely deleted or anonymized in accordance with retention policies.

8. Data Transfers

mPrest may transfer personal data to third-party service providers, including outside Israel or the European Union, subject to:

Standard contractual clauses or adequacy decisions,

Legal safeguards ensuring equivalent protection of rights.

9. Data Subject Rights

Individuals have the right to:

Access their personal data.

Request correction, deletion, or restriction of processing.

Object to processing based on legitimate interest.

Withdraw consent at any time (where consent is the basis for processing).

Requests should be sent to: info@mprest.com

mPrest will respond in accordance with Israeli law and other applicable regulations.

10. Children’s Privacy

Our services are not directed at children under the age of 18. mPrest does not knowingly collect personal data from minors. If such data is identified, it will be deleted immediately.

11. Data Protection Officer (DPO) / Privacy Contact

mPrest has appointed a Data Protection and Information Security Officer responsible for compliance with Israeli law and international standards.

Contact: Avi Admon / CISO / secops@mprest.com

12. Policy Updates

This Policy will be reviewed at least annually or upon material changes in law or processing activities. Updates will be published on the Site.

13. Governing Law

This Policy is governed by the laws of the State of Israel, including the Privacy Protection Law and its amendments.