Privacy Policy

SOSA Holdings ltd. (SOSA” or “we) is committed to maintaining the privacy of its users (“user”, “you”). The following information describes how SOSA collects and processes information about you when you use our website (the “Website”) and Savvy’s Platform (as defined below).

Our privacy policy (“Privacy Policy”) explains:

  • General
  • Using by devices
  • What information do we collect, and why do we collect it
  • How we use that information
  • How we disclose information and transfer data
  • Roles and Responsibilities
  • Data Subjects rights 
  • Notice to California Residents
  • CAN SPAM Act
  • Cookies collection 
  • Opt-In or Opt-Out from receiving information
  • Links to other websites
  • Data Security 
  • Data Retention rights
  • Children’s privacy rights
  • Questions regarding Our Privacy Policy 
  • Revisions and Modifications to Our Privacy Policy 
  • Governing Law and Jurisdiction

By using our Website and Platform, you agree to this Privacy Policy. 

1. General

SOSA provides Savvy; a cloud-based access management platform (“Platform”). The Platform allows organizations (“Customers”) to get a real-time security guardrail for the workforce by coupling human cognitive science with advanced machine learning technology (“Services”). The Services are provided via interacting with the Customer’s IT personnel (“IT Personnel”) while enabling it to manage user access permissions. The IT Personal will allow the Customer’s admin (“Admin”) to control and document access activities and the Customer’s employees (“Employee”) who require access permissions to the respective Customer’s systems. Savvy’s Website provides the log in page to Savvy’s Platform and Services and enables its users to contact SOSA concerning the Website, Platform, and Services.

2. Device

Users can access the Website and Platform through various Devices. A “Device” is any digital device used to access the Website and Platform, including without limitation a desktop, laptop, mobile phone, tablet, or other consumer electronic device. This Privacy Policy governs your access to the Platform and Website, regardless of how you access them, and by using our Website, Platform and Services you consent to the collection, transfer, processing, storage, disclosure and other uses described in this Privacy Policy.

3. Collecting Information

Please note that the scope of this Privacy Policy is limited only to information collected SOSA through your use of its Website and Platform. Some information may be automatically collected, and some is collected when you interact with our Website and Platform. The type of information that may be automatically collected is non-personal information, which includes your session durations, the content you accessed on the Website and Platform, the frequency and scope of your use of the Website and Platform and information about your Device and internet connection including the operating system you use, browser type, referral links, geo-locations, the IP address, traffic logs, app activity and clickstream information. 

Information from which you can be personally identified may also be collected, including but not limited to your first and last name, email address, personal password, position, account name, account Admin and the through which you used the Website and Platform (hereinafter: “Personal Information”). Personal Information shall be collected only if received voluntarily from you, including, without limitation, via the following ways:

a. Sign Up

If you wish to sign up to the Platform, we will collect your Personal Information such as your first and last name, email address, personal password, position, account name, account Admin and the location of the Device, to enable you to use the Platform and Services.

4. Use of Information 

We use Personal Information we collect from you for a range of different business purposes according to different legal bases of processing. We may use or process your Personal Information for the following purposes. One or more purposes may apply simultaneously. 

4.1. Providing the Requested Services

  • We collect Personal Information listed in Sections first and last name, email address, personal password, position, account name, account Admin and the location of the Device, role title (optional), mobile phone (optional), LinkedIn URL (Optional), Profile Picture (Optional) above, to provide you with the Services you contracted to receive. 
  • Such collection of information will enable us to provide you with technical and professional assistance, regarding the Services you use or intend to use. 

We process the Personal Information where it is necessary for the adequate performance of the contract regarding the provision of the Platform, Website, or the requested Services. 

4.2. Improvement and Development of the Services

  • We collect Personal Information to improve and develop our Services and understand feedback on SOSA’s Services regarding the Platform or Website and to help provide more information on the use of the Platform, Website and Services quickly and easily. 
  • We collect Personal Information for ongoing review and improvement of the information provided on our Website and Platform to ensure it is user friendly. 
  • We collect Personal Information to improve the management and administration of our business and maintain compliance with our internal policies and procedures. 
  • We conduct surveys and research, test features in development, and analyze the information we have to evaluate and improve our Services, develop new features, and conduct audits and troubleshooting activities. 

We process this information in light of our legitimate interest in improving the Services, to allow our users to have the best experience. 

4.3. Maintain a Safe and Secure Environment

We may use your information to detect and prevent fraud, abuse and security incidents in the following ways:

  • Verify and authenticate your identity and prevent unauthorized or illegal activity;
  • Enhance the safety and security of our Platform and Website;
  • Conduct security investigations and risk assessments; 
  • Prevent or take action against activities that are, or may be, in breach of our terms of service or applicable law. 

We process this information in light of our legitimate interest in improving our Services and enabling our users to browse in a secure environment. 

5. Disclosure of Information and Transfer of Data

We reasonably attempt to ensure that we never intentionally disclose any of your Personal Information, to any third party without having received your permission, except as provided for herein and in this Privacy Policy or otherwise as permitted or required under law.

In order to perform our contractual and other legal responsibilities or purposes, we may, from time to time, need to share your Personal Information with third parties. We may as well share your Personal Information with our affiliates, subsidiaries or any third party service providers and individuals to facilitate our Services or any portion thereof, such as marketing, data management or maintenance services, such as: 

  • Sentry, an open-source tool that provides real-time error tracking and monitoring to help identify, diagnose, and fix issues in the application. 
  • Pendo, a product experience platform that provides users insights, guidance, and communication tools to help digital product teams to improve users engagement and product usability.
  • Intercom, a customer messaging platform that facilitates personalized communication with users through in-app messaging, email, and chat enhancing users support, sales and engagement. 

We may also share your information with analytics service providers for analytics services. Such analytics service providers set their own cookies or other identifiers on your Device, through which they can collect information about your usage of our Website or Platform. This helps us compile aggregated statistics about the effectiveness of our Platform, Website and Services.

The above mentioned third parties may be located in countries other than your own, and we may send them information we receive. When such third party service providers process your Personal Information on our behalf, we will assure that they comply with obligations similar to those which are set forth in this Privacy Policy. We will also assure that they will abide by our data privacy and security requirements, and will be allowed to use the Personal Information solely for the purposes we set. We will transfer your Personal Information while using appropriate and suitable safeguards, while using a variety of legal mechanisms, including contracts, to ensure your rights and protections travel with your data. 

We may also transfer your information, including Personal Information, in connection with a corporate merger, consolidation, the sale of related assets or corporate division or other fundamental corporate changes. Furthermore, information about you may also be released in order to comply with any valid legal obligation or inquiry or process such as a search warrant, subpoena, statute or court order. We will also release specific information in special cases, such as if you use the Website or Platform to perform an unlawful act or omission or take any act or omission that may damage SOSA, its property and goodwill, or if there is an attempted breach of the security of the Website or Platform or a physical or property threat to you or others. The authority supervising such activities is the relevant privacy protection authority, and you have the right to file a complaint to it or any other relevant supervisory authority.

6. Roles and Responsibilities

Please note that certain data protection laws and regulations, such as the GDPR or the California Privacy Laws (as defined below) typically distinguish between two main roles for parties processing Personal Information: the “Data Controller” (or under the California Privacy Laws, “Business”), who determines the purposes and means of processing; and the “Data Processor” (or under the California Privacy Laws, “Service Provider”), who processes the data on behalf of the Data Controller (or Business). Please see the below explanation where we elaborate on how these roles apply to our Services, to the extent that such laws and regulations apply.

a. SOSA is the “Data Processor” of the Personal Information of end users whose Personal Information we process on behalf of our Customer (who is the “Data Controller” of such Personal Information). Our Service Providers who process such user Personal Information on our behalf are the “Sub-processors” of such Personal Information.

For the avoidance of doubt, each Customer is solely responsible for providing adequate notice to the end users whose Personal Information may be processed by SOSA for the provision of the Services. This includes, to the extent required, sufficient reference to the processing of their Personal Information via the Services, and any other information necessary to comply with all applicable privacy and data protection laws and obtaining all approvals and consents from individuals as required under the applicable laws.

7. Your Rights

You have the right at any time to request to access or modify your information. To exercise these options, please contact us at info@sosa.co.

In some jurisdictions, in particular those located within the European Union (the “EU”) or within the European Economic Area (the “EEA”), you may be afforded specific rights regarding your Personal Information. Subject to such eligibility, you may have the following rights to: 

  1. Request a rectification of your Personal Information where the information we hold about you is incorrect or incomplete. 
  2. Object to the processing of your Personal Information for direct marketing purposes. 
  3. Object to the processing of your Personal Information where our legal basis for that processing is that such processing is necessary for our legitimate interests. 
  4. Object to an automated decision-making (including profiling) in certain circumstances. 
  5. Request the erasure of your Personal Information in certain circumstances, such as where processing is no longer necessary for the purpose it was originally collected for, and there is no compelling reason for us to continue to process or store it;
  6. Receive your Personal Information, or ask us to transfer it to another organization that you have provided to us, which we process by automated means, where our processing is either based on your consent or is necessary for the performance of a contract with you. 

Generally, with regard to information collected on our Website and Platform, SOSA is a “Data Processor”. Therefore, if you wish to exercise the above-mentioned rights, please contact us, and we will make our best efforts to fulfill your request. 

If we are a Data Processor with respect to your Personal Information, we will notify the relevant Customer about your request, and make our best efforts to enable them to allow you to exercise your rights. 

If you wish to file a request regarding any of the above, you may contact us at: info@sosa.co.

8. Notice to California Residents 

This section is designated for California residents and is provided under the California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (“California Privacy Laws”). It explains your privacy rights, provides “notice at collection”, and provides certain mandated disclosures about how we handle your Personal Information. This section uses certain terms that have the meanings given to them by the California Privacy Laws, unless otherwise specified. Please note that some of the disclosure obligations required under the California Privacy Laws are satisfied within other sections of this Privacy Policy. 

The California Privacy Laws permit some users to request to exercise certain rights. If these rights are applicable to you, you are afforded with the following rights:

a. Right of access

You can request SOSA for certain information about our practices with respect to your Personal Information. In particular, you can request to receive information on the following:

  • The categories and specific pieces of your Personal Information that we have collected. 
  • The categories of sources from which we collected your Personal Information.
  • The business or commercial purposes for which we collected or shared your Personal Information. 
  • The categories of third parties with which we shared your Personal Information. 

b. Right to Opt Out of Sale of your Personal Information

You can be rest assured that we do not sell your Personal Information. 

c. Right to Limit Use and Disclosure of Sensitive Personal Information 

We do not share sensitive Personal Information for cross-context behavioral advertising, and we do not sell sensitive Personal Information.

d. Exercising your California Law Rights 

Please note that we will be required to verify your identity and request before an action is taken to exercise your rights. As a part of this process, government identification may be required. Moreover, you may designate an authorized agent to make a request on your behalf. We make our best efforts to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Any disclosures we provide, will only cover the 12 months period preceding your verifiable request’s receipt. If, for some reason, we cannot reply within such time frame, our response will include an explanation for our inability to comply. If you wish to exercise your California Privacy Laws rights, please contact us at: info@sosa.co.

e. Right of No Retaliation Following Opt-Out or Exercise of your Rights

If you choose to exercise your rights, we will not charge you different prices or provide different quality of our Services, unless those differences are related to your provision of your Personal Information. We will not discriminate against you for exercising any of your rights and unless permitted by the California Privacy Laws, we will not: 

  1. Deny you goods or services.
  2. Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  3. Provide you with a different level or quality of goods or services.
  4. Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

9. CAN SPAM Act

The CAN-SPAM Act is a Federal US law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out strict penalties for violations. 

To be in accordance with CAN-SPAM, SOSA agrees to the following:

  • Not use false or misleading subjects or email addresses. 
  • Identify the commercial message sent to you as an advertisement when required.
  • Include the physical address of our business or site headquarters. 
  • Monitor third-party email marketing services for compliance, if one is used.
  • Honor opt-out/unsubscribe requests quickly.
  • Allow users to unsubscribe by using the link at the bottom of each email. 

If at any time you would like to unsubscribe from receiving future emails, you can email us at info@sosa.co and we will promptly remove you from ALL correspondence. 

10. Cookies

We may use “cookies” and/or other technologies or files (collectively, “cookies”) to identify how visitors make use of our Website and Platform. This aggregated tracking information may be used to help us improve and enhance the Website and Platform experience for all of our visitors. In addition, cookies are used for adjusting the Website and Platform to your personal preferences. Cookies contain information such as the pages you visited, the length of time you stayed on the Website and Platform, the location from which you accessed the Website and Platform and more. If you would prefer not to have cookies stored on your Device, you may modify your browser settings to reject most cookies, or manually remove cookies that have been placed on your Device. However, by rejecting the cookies, you may be unable to fully access the offerings on this Website and Platform. To find out more about cookies, visit www.allaboutcookies.org.

11. Opt In or Opt Out

You are always in control of your data, and if you choose to receive information from us, or others, you can change your mind later. If, at any time, you would like to stop receiving such information or opt out of a feature, you may notify us by writing to info@sosa.co. You should be aware, however, that it is not always possible to completely remove or modify information in our databases and servers, although we will always make reasonable efforts to do so upon your request. 

12. Links to Other Websites

This Website and Platform may provide links to other websites. Please be aware that these other websites are not covered by our Privacy Policy. This Privacy Policy does not cover the information practices exercised by other providers of products or services, advertisers or other websites, companies or individuals, which are not owned or controlled by SOSA. We suggest that when linking to another website, you always read that website’s privacy policy before volunteering any personally identifiable information. 

13. Data Security

We deploy industry standard measures to ensure the security, confidentiality, integrity and availability of the Personal Information we process. We maintain physical, technical and administrative safeguards, and test and update these periodically. We endeavor to restrict access to Personal Information on a ’need to know’ basis for the provision of Website, Platform and Services to you. No such measures are perfect or impenetrable. In the event of a security breach, we will take all reasonable action to minimize any harm. Although we will do our best to protect Personal Information, we cannot guarantee the security of data transmitted to us and transmission is at the users own risk. 

14. Data Retention

Generally, SOSA does not retain information longer than necessary to provide its Services and for its reasonable business and lawful needs. If you withdraw your consent to us processing your Personal Information, we will erase your Personal Information from our systems, unless the Personal Information is required for SOSA to establish, exercise or defend against legal claims or it is necessary for the performance of the requested Services.

15. Children’s Privacy

The Service/Platform/Website are not intended for children under the age of 18. We do not, knowingly or intentionally, collect information about children who are under 18 years of age.

IF YOU ARE UNDER THE AGE OF 18 YOU MAY NOT USE THE PLATFORM/WEBSITE/SERVICE, UNLESS PARENTAL CONSENT IS PROVIDED ACCORDINGLY.

16. Questions Regarding Our Privacy Policy

If you have any questions regarding this Privacy Policy or the practices described above, you are always welcome to contact us at info@sosa.co.

17. EU Representative

If you are located within the European Union or within the European Economic Area, you are welcome to contact our representative in the European Union whose contact details are as follows: Rickert Rechtsanwaltsgesellschaft mbH, Kaiserplatz 7-9, 53225 Bonn, Germany; email address: datenschutz@rickert.net.

18. Revisions and Modifications to our Privacy Policy

We reserve the right to revise, amend, or modify this Privacy Policy at any time. When changing the policy, we will update this posting accordingly. Please review this Privacy Policy often so that you will remain updated regarding our current policies. 

19. Governing Law and Jurisdiction

This Privacy Policy will be governed and interpreted pursuant to the laws of the State of Israel without giving effect to its choice of law rules. You expressly agree that the exclusive jurisdiction for any claim or action arising out of or relating to this Privacy Policy shall be submitted to the competent courts in Tel Aviv, Israel, to the exclusion of any other jurisdiction.

This page was updated on June 8th, 2023.