Privacy Policy

Last updated: 1/9/2025

This policy is intended to meet Israeli law requirements (including Amendment 13 to the Privacy Protection Law). An English translation is provided for convenience.

In case of conflict, the Hebrew version prevails.

1) Who we are and scope

This policy applies to [medisale.org], [medisimulator.com], [surgicaly.com] and related online services (the “Sites”).

Data Controller: Medisale (Company No. 057751612), 43 Yigal Yadin, Modi’in, Israel.

Privacy contact: info@medisale.org / 08-9718017.

2) Data we collect

Directly provided data: contact details, order/shipping details, support inquiries, uploaded documents.
Automatically collected data: IP address, device/browser identifiers, cookies, usage events, performance/security logs.
From third parties (as needed): payment processing, shipping, marketing, analytics/ads (see §7).

3) Purposes of processing

Operating the Sites, sales, billing, fulfillment, and support.
Account management, authentication, user identification.
Legal compliance (accounting, taxation, security).
Direct marketing with consent (email/WhatsApp/SMS) — separate opt-in, with easy opt-out anytime.
UX improvement, measurement, and analytics.

4) Principles & legal bases

Transparency & data minimization — collection for defined purposes only.
Consent for marketing — separate and explicit; revocable at any time.
Legal/contractual necessity — processing required for orders/invoicing/service.
Legitimate interests — security, fraud prevention, maintenance.

5) Your rights & requests

Subject to applicable law, you may request access, rectification, erasure, restriction, objection to direct marketing, and, where applicable, data portability.

Send requests to info@medisale.org. We respond within up to 30 days. You may also contact the Israeli Privacy Protection Authority.

6) Cookies & preferences

We use functional, analytics, and marketing cookies. Our cookie banner enables preference management and acceptance/rejection of non-essential categories.

7) Sharing with third parties (main categories)

Hosting/Infrastructure/CDN.
Payments (e.g., [PayPal/Tranzila/Stripe]).
Shipping/Logistics (e.g., UPS, DHL).
Email/SMS/WhatsApp marketing (e.g., Brevo (Sendinblue), approved messaging providers).
Analytics/Advertising (e.g., Google Analytics 4, Meta Pixel).

Providers act as our processors under appropriate data-processing and confidentiality/security agreements.

8) International transfers

Where data is transferred outside Israel (e.g., to the EU/EEA/US), we implement appropriate safeguards (standard contractual clauses, security controls, data minimization, and encryption where required).

9) Security

We apply administrative, technical, and physical safeguards: TLS/SSL, access controls, role-based permissions, anomaly monitoring, regular updates, and encryption where relevant. While no method is 100% secure, we follow industry-standard practices.

10) Children

The Sites are not directed to individuals under 18. We do not knowingly collect data from minors without parental/guardian consent as required by law.

11) Retention

Orders/invoices — 7 years (statutory).
Support inquiries — up to 24 months from last interaction.
Marketing data — until consent is withdrawn or 24 months of inactivity.
Technical/security logs — up to 12 months (for security and troubleshooting).