Privacy Policy
Privacy Policy
Last updated: February 15, 2026
Introduction
Arcusis is an Israeli software development company registered in the State of Israel, with its principal place of business at Millennia Tower, The 1000 Complex, Entrance B, 18th Floor, 23 HaRishonim Blvd, Rishon LeZion 7519701, Israel. We operate the website arcusis.com and provide software development services to clients and prospective clients worldwide. We are deeply committed to protecting the privacy of every individual who interacts with our website or services, and this Privacy Policy has been drafted to reflect that commitment with the precision and transparency that applicable law demands.
This Privacy Policy governs the collection, use, storage, disclosure, and protection of personal data obtained through your use of arcusis.com, including any contact forms, embedded maps, or analytics features made available on that website. It is effective as of February 15, 2026, and supersedes any prior privacy policy published by Arcusis.
The processing of personal data by Arcusis is governed primarily by the Israeli Privacy Protection Law, 5741-1981 (hereinafter the "Israeli Privacy Law") and the regulations promulgated thereunder, including the Regulations for the Protection of Privacy (Data Security), 5777-2017, the Regulations for the Protection of Privacy (Transfer of Data to Databases Abroad), 5761-2001, and the provisions of Amendment 13 to the Israeli Privacy Law concerning data breach notifications and tracking technology consent. To the extent that Arcusis processes personal data of individuals located in the European Union or European Economic Area, the EU General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter "GDPR") also applies. To the extent that Arcusis processes personal information of California residents, the California Consumer Privacy Act of 2018 (Cal. Civ. Code §§ 1798.100 et seq., "CCPA") as amended by the California Privacy Rights Act of 2020 ("CPRA") applies. Additionally, communications sent by Arcusis are subject to the Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003 ("CAN-SPAM Act") where applicable.
Please read this policy carefully. By using our website or submitting information to us through any means, you acknowledge that you have read, understood, and agreed to the terms set forth herein. If you do not agree with this policy, you should refrain from using arcusis.com.
Data Controller
For the purposes of the GDPR, Arcusis is the data controller in respect of your personal data — meaning we are the entity that determines the purposes and means of processing your personal information. For the purposes of the Israeli Privacy Law, Arcusis is the owner of the database in which your personal data is stored. For the purposes of the CCPA and CPRA, Arcusis is the business that collects, uses, and discloses your personal information.
Our contact details as data controller are as follows: Arcusis, Millennia Tower, The 1000 Complex, Entrance B, 18th Floor, 23 HaRishonim Blvd, Rishon LeZion 7519701, Israel. You may reach us by email at info@arcusis.com or by telephone at 058-469-6000. All requests, inquiries, and complaints relating to the processing of your personal data should be directed to us at these coordinates.
We do not currently maintain a designated Data Protection Officer (DPO) as defined under GDPR Article 37, as our processing activities do not trigger the mandatory DPO appointment thresholds. However, inquiries relating to data protection matters will be handled promptly and seriously by the responsible members of our team. Similarly, we maintain registration of our personal data databases with the Israeli Registrar of Databases as required under Section 8 of the Israeli Privacy Law.
Information We Collect and Why
Arcusis collects personal data from you only in specific, limited circumstances and only to the extent necessary for a defined and legitimate purpose. We do not collect personal data speculatively, excessively, or without a clear reason traceable to our operations or your interaction with us. The categories of personal data we collect, and the reasons we collect them, are described in detail below.
When you voluntarily submit our contact form at arcusis.com, we collect the information you provide therein. This typically includes your name, your email address, your telephone number if provided, the nature of the service you are enquiring about, and the content of your message. We collect this information because it is indispensable for the purpose of responding to your inquiry in a meaningful and personalised way. Without this information, we would be unable to answer your query, assess whether a business relationship is appropriate, or take the pre-contractual steps you have initiated by reaching out to us. The legal basis for this processing, under GDPR Article 6(1)(b), is the performance of steps at your request prior to entering into a contract; and additionally, under GDPR Article 6(1)(a), your consent as expressed by the act of voluntarily submitting your data through the form. Under the Israeli Privacy Law, the submission of the contact form constitutes your consent to the use of your personal data for the purposes of responding to your inquiry and maintaining records thereof.
When you access our website, our web hosting infrastructure and server-side systems automatically collect certain technical data about your connection. This includes your Internet Protocol (IP) address, the type and version of the browser you are using, the operating system and device type from which you access the site, the date and time of your request, the URL you requested, and the referring URL, if any, that directed you to our site. This information is collected automatically as an inherent function of how websites and servers communicate, and it serves the legitimate purposes of maintaining the security of our systems, diagnosing technical errors, preventing fraudulent or abusive use of our infrastructure, and understanding at a general level how our website is accessed. The legal basis for this processing under GDPR Article 6(1)(f) is our legitimate interest in operating a secure and well-functioning website; we have assessed that this interest is not overridden by your fundamental rights and freedoms, particularly given the limited nature and routine character of such technical logs.
Where you have provided your prior, freely given, specific, informed, and unambiguous consent through our cookie consent banner, we activate Vercel Analytics on your browsing session. Vercel Analytics is a privacy-respecting analytics service that collects anonymised and aggregated information about how visitors interact with our website. The data collected includes the pages you visit, the duration of your session, the type of device and browser you use in anonymised form, and the referral source of your visit. Vercel Analytics is designed not to collect personally identifiable information and does not use persistent cross-site tracking cookies. If you have not consented, Vercel Analytics is not activated and no usage data is collected. The legal basis for analytics processing under GDPR Article 6(1)(a) is your consent, which you may withdraw at any time through the cookie preference centre.
When you send or receive emails or other communications with Arcusis employees or representatives in connection with our services or in response to a contact form submission, we process the contents of those communications and any personal data contained therein. This communication data is processed on the legal basis of our legitimate interests under GDPR Article 6(1)(f) in maintaining records of our business interactions and delivering the services or information you have requested, as well as on the basis of pre-contractual or contractual performance under GDPR Article 6(1)(b) where applicable.
Legal Bases for Processing
The GDPR requires that every processing operation performed on personal data of EU/EEA data subjects must rest on one or more lawful bases enumerated in Article 6 of the Regulation. Arcusis processes personal data strictly in accordance with those requirements and with the equivalent requirements under Israeli law, which similarly mandates a lawful basis — principally consent under Section 1 of the Israeli Privacy Law — for the inclusion and use of personal information in a database.
Consent, as defined under GDPR Article 6(1)(a) and Recital 32, and as required under the Israeli Privacy Law and Amendment 13 thereof in the context of tracking technologies, constitutes our primary legal basis for analytics processing and for the processing of contact form submissions where pre-contractual necessity is not sufficient on its own. We rely on consent only where it has been freely, specifically, and unambiguously given. Consent may be withdrawn at any time without detriment, and withdrawal will not affect the lawfulness of any processing carried out prior to withdrawal. Where consent is the applicable legal basis, we maintain records of when and how consent was obtained, as required by GDPR Article 7(1) and applicable Israeli regulations.
The performance of a contract or the taking of steps at a data subject's request prior to entering into a contract, as set forth in GDPR Article 6(1)(b), provides the legal basis for processing contact form submissions and related communications. When you reach out to Arcusis to enquire about our services, you initiate a process of pre-contractual engagement, and the processing of the personal data you provide is a necessary and proportionate step in responding to that engagement.
Our legitimate interests under GDPR Article 6(1)(f) provide the legal basis for the processing of technical server log data and for maintaining records of business communications. In assessing whether our legitimate interests override your fundamental rights and freedoms as required by the balancing test under Article 6(1)(f), we have considered the limited sensitivity of the data processed, the reasonable expectations of visitors to a professional services website, the security and operational necessity of the processing, and the fact that you retain full rights to object to this processing at any time. We have concluded that our legitimate interests in maintaining website security, diagnosing technical problems, and keeping records of business interactions are genuine, specific, and not overridden by your rights.
Compliance with a legal obligation under GDPR Article 6(1)(c) and equivalent Israeli law provisions may require us to process or retain personal data in certain circumstances, such as where we are required by Israeli tax law, commercial law, or regulatory order to retain records for defined periods, or where we are required to disclose information to competent authorities in response to a lawful order or legal process.
How We Use Your Personal Data
Arcusis uses personal data collected from or about you solely for the purposes described in this policy, and we do not process personal data in a manner that is incompatible with the purpose for which it was originally collected. This principle of purpose limitation is enshrined in GDPR Article 5(1)(b) and reflects the spirit of the Israeli Privacy Law's prohibition on using personal data for a purpose other than that for which it was provided.
The primary use of personal data submitted through our contact form is to respond to your inquiry. This means reading, understanding, and analysing your message; assigning your inquiry to the appropriate member of our team; drafting and sending a reply; and maintaining an internal record of the exchange for continuity and service quality purposes. Where your inquiry leads to a commercial engagement, we may retain and use the data you provided in the context of establishing and managing that engagement.
We use technical data from server logs and analytics — to the extent analytics have been activated with your consent — to improve the performance, design, content, and navigation of our website. This includes identifying pages that generate errors, understanding which content is most visited, evaluating the effectiveness of our site structure, and making data-informed decisions about site improvements. All such uses are conducted at an aggregate or anonymised level wherever possible, and are not directed at profiling or evaluating individual users.
We use personal data to communicate with you about our services, to send information you have requested, and to follow up on enquiries or proposals that have been initiated at your request. We do not send unsolicited commercial electronic messages. Any marketing communications we send will comply with the CAN-SPAM Act requirements of accurate header information, honest subject lines, clear identification as commercial messages, and an easy opt-out mechanism, as well as any applicable Israeli and EU requirements regarding electronic communications.
We use technical and operational data to maintain the security and integrity of our website and systems, to detect and prevent unauthorised access, fraudulent activity, and other malicious or harmful behaviour, and to diagnose and resolve technical faults. This use is both a legitimate business interest and a legal obligation under the Regulations for the Protection of Privacy (Data Security), 5777-2017, which require us to implement appropriate technical and organisational measures to protect personal data.
We may use personal data where required to comply with applicable law, to respond to legal process, to enforce our contractual rights, or to protect the rights, property, or safety of Arcusis, our employees, our clients, or third parties. Such use is strictly limited to what is necessary and proportionate for the legal obligation or legitimate interest in question.
Third-Party Service Providers
In delivering the functionality of arcusis.com, Arcusis engages a small number of third-party service providers who may process personal data on our behalf or in connection with your use of the site. We select these providers with care, and where they process personal data on our behalf, we ensure that adequate data processing agreements are in place that bind them to process data only in accordance with our instructions and applicable law. The following is a comprehensive description of each third-party provider and the data flows associated with their services.
Google LLC, a Delaware corporation headquartered in the United States, provides us with Google Workspace, including Google Chat, which we use as our internal team communication platform. When you submit our contact form, the information you provide — your name, email address, the service you are interested in, and your message — is transmitted to our internal team via Google Chat as an automated notification. This data passes through Google's infrastructure and is subject to Google's Data Processing Addendum, which incorporates the Standard Contractual Clauses approved by the European Commission pursuant to GDPR Article 46(2)(c) to govern international transfers of EU/EEA personal data to the United States. Google processes this data as a data processor acting on our instructions and is contractually prohibited from using it for its own purposes. For more information about how Google handles data in this context, please refer to the Google Privacy Policy available at https://policies.google.com/privacy and the Google Workspace Data Processing Terms available at https://workspace.google.com/terms/dpa_terms.html.
Google LLC also provides the Google Maps embed that appears on our contact page. When your browser loads the contact page and the Google Maps component renders, your browser makes a direct request to Google's servers in order to display the map, and in doing so transmits technical data including your IP address, browser type, and interaction data to Google. This transmission occurs even if you do not actively interact with the map. The use of Google Maps is subject to the Google Maps Platform Terms of Service and the Google Privacy Policy referenced above. We embed Google Maps because it provides visitors with a convenient and universally recognised way to locate our office; however, we encourage you to review Google's privacy disclosures if you have concerns about the data Google collects in connection with the Maps service.
Vercel Inc., a Delaware corporation headquartered in the United States, provides our website hosting infrastructure and, where you have consented through our cookie consent banner, the Vercel Analytics service. Vercel Analytics is designed with privacy as a core architectural principle: it collects only anonymised, aggregated data about usage patterns on our website, such as the pages visited, the referral source, the type of device used in generalised form, and the approximate geographic region. It does not use persistent cross-site tracking cookies, does not build profiles of individual users, and does not transmit personally identifiable information. Vercel Analytics is activated only if and when you have provided valid consent through our consent management platform, and it is not activated during server-side rendering or for users who have not consented. Vercel's data processing practices are described in the Vercel Privacy Policy, available at https://vercel.com/legal/privacy-policy.
WebCookies is our own consent management platform, developed and operated by Arcusis. It is the system that powers the cookie consent banner you see when you first visit arcusis.com, and it records and manages your cookie preferences so that we honour them consistently throughout your visit and on return visits. Data collected by WebCookies — which consists of your consent choices and the timestamp of those choices — is processed entirely within our own infrastructure in Israel and is not shared with third parties. This data is used exclusively to ensure that we comply with applicable requirements for informed and freely given consent to tracking technologies, as required by Amendment 13 to the Israeli Privacy Law and by GDPR Article 7.
International Data Transfers
Arcusis is an Israeli company, and the primary jurisdiction of our personal data processing activities is Israel. However, as described in the section above, we engage third-party service providers — specifically Google LLC and Vercel Inc. — that are based in the United States. The use of these services necessarily involves the transfer of personal data to the United States, a jurisdiction outside Israel and outside the European Economic Area.
For individuals located in the European Union or European Economic Area, the transfer of personal data to the United States is governed by GDPR Chapter V. Israel has been recognised by the European Commission as providing an adequate level of data protection pursuant to a Commission adequacy decision, which means transfers of personal data from the EU/EEA to Arcusis in Israel are lawful without requiring additional safeguards. For the onward transfer of personal data from our Israeli systems to our US-based service providers, we rely on the Standard Contractual Clauses (SCCs) adopted by the European Commission under Article 46(2)(c) of the GDPR, which are incorporated into our data processing agreements with Google and, through Google Workspace's DPA, govern the processing of data in the United States. Vercel, as our hosting provider, similarly makes available SCCs to govern transfers of EU/EEA personal data.
For individuals located in Israel, the transfer of personal data to service providers in the United States is governed by the Regulations for the Protection of Privacy (Transfer of Data to Databases Abroad), 5761-2001. These regulations permit transfer of personal data abroad where, among other conditions, the recipient country provides a level of protection substantially similar to that afforded under Israeli law, or where the transfer is made with the data subject's consent, or where the transfer falls under another permitted ground under the regulations. Our transfers to Google and Vercel in the United States are conducted in reliance on these regulations, through contractual protections substantially equivalent to those required under Israeli law, including the data processing agreements and SCCs referenced above.
We do not transfer personal data to any other third countries or international organisations except as described herein, and we do not make transfers to jurisdictions that lack adequate data protection standards without first implementing appropriate contractual or technical safeguards. Should you have questions about the specific safeguards governing any international transfer, you may contact us at info@arcusis.com and we will provide further information.
Data Retention
Arcusis retains personal data only for as long as is necessary to fulfil the purposes for which it was collected, and no longer. This principle of storage limitation is mandated by GDPR Article 5(1)(e) and is consistent with the general spirit of the Israeli Privacy Law's requirement that personal data not be kept beyond its useful purpose. We review our data retention practices periodically and delete or anonymise personal data when it is no longer required.
Personal data submitted through our contact form — including your name, email address, and message content — is retained for a period of twenty-four months from the date of your last communication with us, or for such longer period as may be required to resolve any inquiry, dispute, or pre-contractual matter that remains open. Where an inquiry leads to a commercial engagement, the personal data related to that engagement will be retained for the duration of the engagement and for such period thereafter as is required by applicable Israeli commercial, tax, or accounting law, which may extend to seven years in certain cases. At the end of the applicable retention period, contact form data is securely deleted from our systems.
Technical data collected through server logs — including IP addresses and request metadata — is retained for a period of ninety days from the date of collection, after which it is automatically purged from our systems. This retention period is designed to allow us sufficient time to investigate any security incidents or technical issues that may emerge following the relevant access event, while minimising the period during which such data is held.
Analytics data collected through Vercel Analytics, where you have consented, is retained in accordance with Vercel's own data retention policies as described in the Vercel Privacy Policy. As Vercel Analytics data is collected and stored in an anonymised and aggregated form that does not identify individual users, it does not constitute personal data within the meaning of GDPR Article 4(1) or the Israeli Privacy Law once aggregated, and therefore specific retention obligations under those frameworks do not apply to it. We will nonetheless review our analytics retention settings periodically and configure them to minimise unnecessary data accumulation.
Consent records maintained by our WebCookies consent management platform are retained for a period sufficient to demonstrate that valid consent was obtained at the time analytics or other consent-dependent processing was activated. These records are retained for a minimum of three years to allow us to demonstrate compliance in the event of a regulatory enquiry.
Data Security
Arcusis takes the security of your personal data seriously and has implemented a range of technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures are calibrated to the nature, scope, and sensitivity of the personal data we process, in accordance with the requirements of GDPR Article 32 and the Regulations for the Protection of Privacy (Data Security), 5777-2017.
Our website is served exclusively over HTTPS, using Transport Layer Security (TLS) to encrypt data in transit between your browser and our servers, preventing interception of your personal data during transmission. Access to personal data held within our systems is restricted on a strict need-to-know basis, meaning that only those members of the Arcusis team whose role requires access to a particular category of data are authorised to access it. We conduct regular reviews of access permissions and revoke access promptly when it is no longer required. Our infrastructure is hosted by Vercel, which maintains its own comprehensive security programme including physical security controls at its data centres, network security measures, and vulnerability management practices.
We conduct periodic internal security reviews of our data processing activities and maintain internal policies designed to ensure that employees and contractors who handle personal data are aware of their obligations and act in accordance with them. We require all service providers who process personal data on our behalf to demonstrate adequate security measures and to notify us promptly in the event of any security incident affecting personal data they hold on our behalf.
Notwithstanding the foregoing, no system of information security can provide absolute guarantees. The transmission of data over the internet involves inherent risks, and while we take all reasonable steps to protect personal data, we cannot guarantee that unauthorised third parties will never be able to defeat our security measures. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will comply fully with our notification obligations. Under GDPR Articles 33 and 34, we are required to notify the relevant supervisory authority within 72 hours of becoming aware of a breach and, where the breach is likely to result in a high risk to affected individuals, to notify those individuals directly without undue delay. Under Amendment 13 to the Israeli Privacy Law, we are similarly required to notify the Israeli Privacy Protection Authority and, in certain circumstances, affected data subjects, of data breaches that meet the specified risk threshold. We take these obligations seriously and maintain documented incident response procedures to ensure timely and effective compliance.
Your Rights Under Applicable Law
Depending on your location and the applicable legal framework, you may have a number of rights with respect to the personal data Arcusis holds about you. We are committed to honoring these rights promptly, transparently, and in full compliance with applicable law. This section describes the rights available under the GDPR, the Israeli Privacy Law, and the CCPA/CPRA, as applicable.
Under GDPR Article 15 and Section 13 of the Israeli Privacy Law, you have the right to obtain from us confirmation of whether we process personal data about you, and if so, to receive a copy of that personal data together with information about the categories of data processed, the purposes of processing, the categories of recipients to whom data has been or may be disclosed, the anticipated retention period, and the sources from which the data was obtained if not collected directly from you. Under the CCPA, this corresponds to the right to know about the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purpose for collecting it, and the categories of third parties with whom it is shared. We will respond to access requests free of charge within one month of receipt, extendable by a further two months for particularly complex or numerous requests, with notice to you of such extension.
Under GDPR Article 16 and Section 14 of the Israeli Privacy Law, you have the right to require us to correct any personal data about you that is inaccurate, and to have incomplete personal data completed, taking into account the purposes of the processing. We will action rectification requests promptly and will notify any recipients of the data of the correction unless doing so proves impossible or involves disproportionate effort.
Under GDPR Article 17, you have the right to request the erasure of personal data concerning you where the data is no longer necessary for the purpose for which it was collected, where you withdraw consent on which the processing was based, where you have successfully objected to the processing, where the data has been unlawfully processed, or where erasure is required to comply with a legal obligation. This right is not absolute and may be overridden by our obligations under applicable law, including retention obligations, or by our legitimate interests in establishing, exercising, or defending legal claims. Under the CCPA, you similarly have the right to request deletion of personal information we have collected from you, subject to certain exceptions.
Under GDPR Article 18, you have the right to request that we restrict the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data (for a period enabling us to verify it), where the processing is unlawful and you oppose erasure, where we no longer need the data but you require it for the establishment, exercise, or defence of legal claims, or where you have objected to processing pending verification of whether our legitimate grounds override your rights.
Under GDPR Article 20, you have the right to receive personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller, where the processing is based on consent or contract and is carried out by automated means. This right of data portability allows you to take your data with you when you move to another provider.
Under GDPR Article 21, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data on the basis of GDPR Article 6(1)(e) or (f), including profiling based on those provisions. Where you object, we will cease processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims. Where personal data is processed for direct marketing purposes, you have an unconditional right to object, and we will cease such processing immediately upon receipt of your objection.
Under GDPR Article 22, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Arcusis does not currently engage in automated decision-making that produces legal or similarly significant effects in relation to individuals, so this right does not have practical application in the context of our current operations. Should this change, we will update this policy accordingly and ensure appropriate safeguards are in place.
Under the CCPA and CPRA, California residents have the additional right to opt out of the sale or sharing of their personal information. Arcusis does not sell personal information to third parties, nor do we share personal information for cross-context behavioural advertising purposes. Accordingly, no opt-out mechanism for sale or sharing is required; however, if you are a California resident and wish to confirm this, you are welcome to contact us. California residents also have the right to non-discrimination, meaning we will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, provide a different level of service quality, or suggest that you will receive any of those penalties for exercising your privacy rights.
To exercise any of the rights described above, please contact us in writing at info@arcusis.com, clearly identifying yourself and specifying the right or rights you wish to exercise. We may need to verify your identity before processing your request in order to ensure that personal data is not disclosed to or acted upon by an unauthorised person. We will acknowledge your request within a reasonable time and respond substantively within one month, or notify you if we require additional time. There is no charge for exercising your rights, except where requests are manifestly unfounded or excessive, in which case we may charge a reasonable administrative fee or decline to act, in accordance with GDPR Article 12(5).
If you are not satisfied with our response to your request or believe that our processing of your personal data infringes applicable law, you have the right to lodge a complaint with the competent supervisory authority. For individuals in Israel, the competent authority is the Privacy Protection Authority (formerly the Israel Law, Information and Technology Authority, ILITA), which can be reached through the Israeli government portal at https://www.gov.il/en/departments/the_privacy_protection_authority. For individuals in the European Union or European Economic Area, you have the right to lodge a complaint with the supervisory authority of the EU member state of your habitual residence, place of work, or the place of the alleged infringement. We encourage you to contact us first so that we have an opportunity to address your concern directly, but we fully respect and support your right to contact the supervisory authority without first approaching us.
Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies in order to deliver its functionality, manage your consent preferences, and — where you have consented — to collect anonymised analytics data about how the site is used. A cookie is a small text file that a website places on your device when you visit it. Some cookies are essential to the operation of the website and cannot be disabled, while others are optional and are only set with your prior consent.
We use strictly necessary cookies to operate our cookie consent management platform, WebCookies. These cookies store your consent preferences so that the site can remember whether you have accepted or declined optional cookies, and so that we can honour your choices on subsequent visits. These cookies do not collect personal data for tracking or analytics purposes and are set on the basis of our legitimate interest in operating the consent mechanism required by law, rather than on the basis of your consent.
Where you have provided your consent through our cookie consent banner, we set analytics cookies that enable Vercel Analytics to record anonymised information about your session. These cookies are only set after a clear affirmative action on your part — clicking "Accept" or an equivalent button in the consent banner — and they will not be set if you decline or dismiss the banner without accepting. You may change your consent preferences at any time by accessing the cookie preference centre, which is available through a link in the consent banner and in our website footer.
Our use of tracking technologies is also subject to Amendment 13 of the Israeli Privacy Law, which sets out requirements for obtaining informed consent before placing tracking technologies on a user's device or using them to collect information about users. We have designed our consent mechanism to satisfy these requirements, including by providing clear and specific information about the types of tracking used and the purposes they serve before seeking consent.
For a complete and detailed description of the cookies we use, their purposes, their duration, and how to manage them, please refer to our Cookie Policy, available at arcusis.com/cookie-policy. You may also manage cookies through your browser settings, which typically allow you to view, delete, or block cookies from specific sites or all sites. Please note that disabling certain cookies may affect the functionality of our website.
Children's Privacy
The services and content offered by Arcusis through arcusis.com are directed exclusively at adults and are not intended for, and should not be used by, persons under the age of eighteen years. Arcusis does not knowingly solicit, collect, or process personal data from minors. We do not design our website, services, or marketing communications to appeal to children, and we have no reason to believe that minors access our website in significant numbers.
If you are the parent or legal guardian of a minor and you believe that your child has submitted personal data to us without your knowledge or consent, we ask that you notify us immediately at info@arcusis.com. Upon receipt of such notification and verification that the data in question relates to a minor, we will take prompt steps to delete that data from our records and to ensure that it is removed from any systems operated by our service providers, to the extent technically possible. We take the protection of minors' personal data with the utmost seriousness and will cooperate fully with parents and guardians in resolving any such situation.
Changes to This Privacy Policy
Arcusis reserves the right to modify or update this Privacy Policy at any time to reflect changes in our data processing practices, changes in applicable law or regulatory guidance, changes in our services or the third-party providers we engage, or for any other legitimate reason. We will always indicate the date on which this policy was most recently updated at the top of the page, and we encourage you to review this policy periodically to remain informed of how we protect your personal data.
Where we make material changes to this policy — that is, changes that significantly affect your rights or the way in which we process your personal data — we will take reasonable steps to bring those changes to your attention. This may include displaying a prominent notice on our website, updating the "Last updated" date in a prominent location, or, where we hold contact information for you and the change is sufficiently significant to warrant it, notifying you by email. What constitutes a material change will be determined in our reasonable judgment, taking into account the nature of the change and the interests of the individuals whose data we process.
Your continued use of arcusis.com following the publication of a revised Privacy Policy constitutes your acknowledgment of the revised policy and, where continued use serves as a valid expression of acceptance under applicable law, your acceptance of the revised terms. However, where applicable law requires that we obtain fresh consent for material changes to the way in which we process personal data on a consent basis, we will seek that fresh consent rather than rely on continued use as acceptance.
Contact Us
If you have any questions, concerns, or complaints regarding this Privacy Policy, the way in which Arcusis processes your personal data, or if you wish to exercise any of the rights described in this policy, we warmly invite you to get in touch with us. We are committed to responding to all privacy-related enquiries promptly and in a spirit of genuine transparency and cooperation.
You may contact us by email at info@arcusis.com, which is our preferred channel for privacy-related correspondence as it allows us to handle your request efficiently and maintain a clear record of our communication. Alternatively, you may write to us at our registered address: Arcusis, Millennia Tower, The 1000 Complex, Entrance B, 18th Floor, 23 HaRishonim Blvd, Rishon LeZion 7519701, Israel. You may also reach us by telephone at 058-469-6000 during business hours, though we recommend following up telephone conversations in writing to ensure a complete and accurate record of your request.
For general enquiries or to initiate a business relationship, you may also use the contact form available at arcusis.com/contact. We aim to acknowledge all privacy-related requests within five business days and to provide a substantive response within one calendar month, in accordance with our obligations under GDPR Article 12 and applicable Israeli law. If we require additional time to respond to a complex request, we will notify you within the initial one-month period and explain the reason for the delay.