Privacy Policy – Yissum

Yissum Research Development Company of the Hebrew University of Jerusalem Ltd. ("Yissum", "the Company", "we", "us") operates to promote and facilitate activities related to research, development, technology commercialization, and innovation, while protecting the privacy of researchers, partners, employees, customers, suppliers, and other individuals whose personal data is processed by the Company.

This document sets out the principles and authority regarding data protection and information security within the Company.

These information security and privacy provisions apply to all Company employees, researchers, partners, clients, suppliers, contractors, and any other users of the Company's systems and facilities, whether accessing them on-site or remotely.

1. Introduction and Purpose

1. 1.1 This document outlines the main principles of Yissum's privacy policy and the rights granted to data subjects.
2. 1.2 Yissum is committed to protecting the privacy of students, employees, service providers, visitors, and other data subjects, and managing the data held by it in accordance with applicable law, including the Israeli Privacy Protection Law, 1981, its regulations, and the guidelines of the Israeli Privacy Protection Authority.
3. 1.3 Yissum aims to promote transparency and cooperation within the Company and with external stakeholders regarding privacy protection practices.
4. 1.4 Yissum operates in compliance with applicable international privacy regulations, including the EU General Data Protection Regulation (GDPR), where applicable.

2. Consent

The data is collected by Yissum with your consent in accordance with this Privacy Policy. It is clarified that you are not legally required to provide this information; however, without your consent, Yissum may be unable to process your request or provide services that require the data.

3. Data Controller

Yissum Research Development Company of the Hebrew University of Jerusalem Ltd. is the data controller for the data it holds and processes. Company address: (insert official address). For privacy inquiries: [email protected]

4. Definitions

• 4.1 Information Security: The set of actions and measures implemented by the Company to protect the confidentiality, integrity, and availability of information resources, as well as the privacy of users.
• 4.2 Privacy Protection Law: The Israeli Privacy Protection Law, 1981, and its regulations.
• 4.3 Personal Data: Any information relating to an identified or identifiable individual, including name, ID number, biometric data, location data, online identifiers, or any data related to physical, health, economic, social, or cultural status.
• 4.4 Sensitive Personal Data: Personal data regarding privacy of family life, personal privacy, sexual orientation, health data, genetic data, biometric identifiers, origin, criminal history, political opinions, religious beliefs, worldview, communication traffic data, salary, financial activity, or any personal data subject to legal confidentiality obligations.
• 4.5 Data Subject: The individual to whom the personal data relates.

5. Data Protection Officer

To protect privacy, the Company appoints a Data Protection Officer responsible for implementing privacy practices and serving as an organizational contact for privacy-related inquiries. Contact: [email protected]

6. Personal Data Collected

6.1 Yissum collects, processes, and stores personal data including, but not limited to:

• Personal identification details
• Employment and academic affiliation
• Socioeconomic information
• Health or medical information (only when necessary and permitted by law)
• Academic and professional information
• Financial and economic data
• Compensation and employment data
• Additional data as required for the purpose and circumstances

6.2 Purposes of Data Use: Personal data collected by Yissum is used to carry out the Company's tasks, purposes, activities, and legal obligations, including but not limited to:

• Managing researcher and partner relationships
• Licensing and commercialization activities
• Managing innovation and startup processes
• Contract and agreement management
• Human resources and payroll management
• Procurement and financial systems management
• Compliance with safety and legal requirements
• Conducting research and analysis

7. Data Collection Methods

To achieve its purposes, Yissum may use various communication and information systems, including social networks and digital platforms.

8. Security Measures, Monitoring and Technology Use

8.1 Yissum uses various technological and other security and monitoring measures for purposes defined in Company procedures, including information security and proper use policies. Such measures are implemented in a manner that protects privacy and complies with applicable law.

8.2 Yissum uses common technologies on internal and external websites for service optimization, information security, operational needs, and personalization.

9. Security Systems

Installation and use of security systems, including surveillance cameras and access control systems, shall be carried out in accordance with applicable law and Company directives.

10. Data Processing

10.1 Yissum processes collected data in accordance with the purposes defined in this policy, including service improvement, operational system management, academic, research and administrative management, and legal compliance.

10.2 Processing will be conducted fairly, transparently, and with appropriate technological and organizational safeguards to minimize privacy risks.

10.3 Yissum will not use data beyond what is required to achieve its purposes and will collect additional data only when required by law or operational necessity.

11. Data Transfer

11.1 Yissum may transfer personal data to third parties in Israel and abroad, including but not limited to:

• Affiliates and partners
• Authorized service providers, including hosting and IT systems providers
• Public authorities, including law enforcement, when required
• Other entities providing services to the Company

Transfers will be made only when:

• 11.1.1 The transfer aligns with the purpose for which the data was collected
• 11.1.2 The data subject consented
• 11.1.3 The transfer is required by a court order or mandatory authority request
• 11.1.4 The transfer complies with applicable law, including cross-border data transfer rules

11.2 When transferring data abroad, Yissum will apply required legal safeguards.

11.3 Yissum will not transfer data except as permitted under this Privacy Policy.

12. Confidentiality

All employees and service providers with access to personal data will sign confidentiality agreements restricting use to their roles and for the purposes of performing their duties only.

13. Data Protection and Responsibility

13.1 Yissum implements reasonable and commonly accepted information security measures to protect its information resources in accordance with the type of data and applicable law.

13.2 Every employee and user of Company systems is responsible for complying with applicable law, this policy, and information security rules.

14. Data Subject Rights

14.1 Data subjects may request access to their personal data or request correction, subject to conditions and limitations under law.

14.2 For privacy-related requests, contact: [email protected]

15. Updates

Yissum may update this policy from time to time. Any changes will be published on the Company's website.