Privacy Policy - CommBox

Privacy Policy

Commbox Privacy Policy

Last updated: November 28st, 2022

Commbox values your privacy. This privacy policy (“Policy”) describes how Commbox Communication and Automation Ltd. and our affiliates (together, “Commbox”, “we”, “us”, “our”) processes Personal Data (as defined below) which we receive or collect in relation to your access and use of our website, (“Website”), our products and services that we provide, (collectively,  “Services”), and other products and services we offer (together with our Website, our “Services”), as part of our marketing practices and from our business contacts (such as representatives of customers and suppliers) and other third parties who provide us with Personal Data

The term, “Personal Data”, as used in this Policy means information relating to an identified or identifiable natural person.

The term, “processing”, as used in this Policy means any action taken in respect of Personal Data.

We may change this Policy from time to time in order to keep you apprised of our data collection and use practices. We encourage you to regularly visit and review this Policy to stay informed of such practices.  

For CommBox’s California Privacy Notice  – Read here. 

Table of Contents 

  1. The Personal Data We Collect and How we use it
    1. When you visit our Website (automatically collected data)
    2. When you interact with our social media accounts
    3. When you sign up to receive updates or other communications from us 
    4. When you contact us (including for support via our chatbot)
    5. When you create an account to use and access our Services 
    6. When you access and use our Services platform
    7. When you become our customer
    8. When you submit a CV during your recruiting process with us
  2. How (and with whom) we Share Personal Data
    1. Cloud and Hosting Services
    2. Law Enforcement or other Government Entities 
    3. With your Consent 
    4. Disputes
    5. Mergers and Acquisitions
    6. Affiliates
    7. Additional Information on our Service Providers
  3. How Long do we Retain Personal Data
  4. Your GDPR Rights
  5. Transfers of Personal Data to other Countries Outside the EU or EEA
  6. Your California Privacy Rights 
    1. Disclosure of Direct Marketing Practices (“Shine the Light”)
    2. Removal of Public Information of Minors
  7. California Do Not Track Notice
  8. Personal Data of Children
  9. Third-Party Websites, Services & Data Collection
  10. Anonymous Information
  11. Our Contact Information

We collect and receive Personal Data from outside our company and affiliates, such as from users of our products and services as described in the table below. Certain Personal Data is collected automatically, while other Personal Data is provided by you voluntarily, for example, when you contact us. The description in the table may be supplemented by additional information in other parts of this Policy. For example, you may find for more information on third-parties to whom your information may be transferred in Section ‎2 below.

When we Collect Data

Type of Personal Data we Collect

Purposes of Processing the Data

Retention Period (How long we store the data)*

Legal Basis under the GDPR

Third Parties with Whom We Share your Personal Data**

Consequences of not Providing the Personal Data

1.1 When you visit  our Website

(automatically collected data)

  • Placement of cookies, including third party cookies.
  • IP address, 
  • Information about your web browser, 
  • Referring URL or source (which referred you to our Website);
  • Other information automatically sent by your browser and contained in HTTP Headers;
  • Facebook Pixel ID;
  • Site activity (including what you click on and what you upload)
  • LinkedIn-Pixel ID;
  • login information and your screen display choices. 
  • Analysis of Website activity
  • protecting the security of the Site;
  • Enable site functionality;
  • Identify unique users, track user activity on the site, and unique website views;
  • Display and personalization of advertisements.

    • Login cookies last for two days, and screen options cookies last for a year.
  • Your consent
  • Legitimate interest (e.g. essential cookies)
  • Google Analytics
  • Facebook
  • LinkedIn
  • Hubspot
  • WP Engine
  • OpenX, Yandex
  • Wix
  • Poptin
  • Laravel
  • leadfeeder
  • Depending on the cookie type you may not be able to access or use the Website. Please see our Cookie Policy [Embed URL] for more information.

1.2 When you interact with our social media accounts 

  • Placement of cookies, including third party cookies
  • Data provided to us by the applicable third-party platform (i.e., Facebook, Twitter, etc.), such as your name, job title, company name, IP, social profile and number of agents.
  • The content that you message us or post on our account, handle or page.
  • Respond to any inquiries or requests regarding our Services;
  • Improve our Services;
  • Develop marketing strategies.

5 Years

  • Your consent
  • Legitimate interest (e.g. essential cookies)
  • Google (Gmail and Google Ads). 
  • Facebook
  • Linkedin
  • Hubspot
  • Twitter
  • Youtube
  • Instagram
  • We would not be able to review or respond to your messages or posts.

1.3 When you sign up to receive updates or other communications from us 

  • Name
  • Company
  • Email address
  • Company size
  • job title
  • phone number
  • address
  • Send you our marketing communications, based on your profile, intent and behavior.

5 Years

  • Your consent.
  • Gmail service
  • Hubspot
  • We will not be able to send you communications.

1.4 When you contact us (including for support via our chatbot)

  • Full name
  • Email address
    • IP
    • Country
    • Content of the conversation
  • Information about your request or inquiry, and any other information you provide.
    • Verify your identity, process your request and respond to or contact you regarding your request or inquiry; 
    • Present this information to you as part of your account history;
    • Display and contact you with information that is relevant to you in the future, and to assist you with further requests for support; 
  • Improve our customer support and communication practices; 
  • To provide solutions via our development team

5 Years

  • The performance of our contract with you (if you are a customer).
  • Your Consent 
  • Our legitimate interest.
  • Google Cloud 
  • Gmail
  • Hubspot
  • WP Engine
  • Jira
  • We may not be able to provide you support or respond to your request. 

1.5 When you create an account to use and access our Services

  • User name
  • Full name 
  • Email address
  • Phone number
  • Company 
  • Password
  • To create an account and provide our Services.

12 months following our final use of the information

  • Your Consent
  • Performance of our contract with you or the company you represent.
  • Amazon Web Service
  • Hubspot
  • Whatsapp
    • Google
  • Jira
    • WP Engine 
  • You cannot access or use the Services.

1.6 When you access and use our Services platform

  • Various activity on the Services platform, such as:
  • IP 
  • Log-in and log-out activity
  • Emails and other correspondences
  • Download and upload of data
  • Provide the Services;
  • Help users at struggle; Enabling or disabling features;
  • Debug and troubleshooting;
  • Monitor and maintain the security of the Services;
  • Analyze use of the Services and improve and develop the Services and other products and services.

12 months following the termination of our contract with you

  • Your Consent
  • Performance of our contract with you or the company you represent.
  • Legitimate Interest.
  • YouTube
  • Twitter
  • Instagram
  • You cannot access or use the Services.

1.7 When you become our customer

  • Full name
  • Email Address
  • ID number
  • Company name
  • Company address
  • Invoice amount
  • Payment terms (bank details)
  • To legally engage with you.
  • To provide you with an invoice.  

12 months following the termination of our contract with you

  • Your consent;
  • Performance of our contract with you or the company you represent.
  • Legitimate interest.
    • Google
  • Jira 
  • Hubspot
  • SAP
  • We would be unable to engage with you in a contract.

1.8 When you submit CV during your recruiting process with us

  • Name
  • Address
  • Phone
  • Email
  • ID
  • Other information you provide in your CV. 
  • To have a recruiting process with you. 

5 Years

  • Your consent;
  • Legitimate interest.
  • Google (Gmail)
  • Linkedin
  • Civi
  • We would be unable to conduct a recruitment process with you.

* Please see Section 2 below for more information about our use of service providers. Section ‎‎2.7 provides for more information about third parties listed above.

** Please see Section 3 for more information on how long we retain data we collect.

In addition to any methods or third parties with whom we may share your Personal Data described above, we share Personal Data in the following manner: 

  1. Cloud and Hosting Services. We use cloud storage providers to host the Services and store all information we collect. We currently engage Amazon Web Services, Hubspot and Google, LLC (or one of its affiliates), for such services and in addition to the third parties listed in Section ‎1 above, copies of all data we collect are stored on their servers.   
  2. Law Enforcement or Other Government Entities. Where required by law or government or court order, we will disclose Personal Data relating to you to the extent we believe we are required by law. 
  3. With your Consent. In the event that you have requested or have consented to the transfer of Personal Data relating to you to a third party (such as by checking a box to signify your agreement) we will transfer Personal Data to the relevant third party.
  4. Disputes and Legal Advice. In case of any dispute or request with, by or concerning you, we may disclose Personal Data relating to you with our legal counsel, professional advisors and service providers, the relevant court or other tribunal and other third parties as needed in order to resolve the dispute, defend ourselves against any claims, or enforce our rights.
  5. Mergers and Acquisitions. In the event that we, or a part of our business, are sold to a third party, or if we are merged with another entity, or in the event of bankruptcy or a similar event, we will transfer information about the relevant portions of our business as well as relevant customers and users and other personal data, to the purchaser or the entity with which we are merged. We may also transfer personal data to a potential acquirer, their legal counsel or service providers as part of an evaluation or due diligence review of our company in anticipation of an investment, acquisition or merger, though such transfers do not typically include personal data and are subject to obligations of confidentiality.
  6. Affiliates. We share personal data with our affiliates, who assist us in processing personal data and providing our Services. 
  7. Additional information on our Service Providers (listed in Section 1)

To help you understand where data about you is transferred, here is more information about the service providers listed above whom we engage to process Personal Data that we collect. Where such service providers have made available information about their data security or processing practices which we think is relevant to you, we have provided links to such information. We take no responsibility for information found on their websites, including, without limitation, whether it is accurate or up-to-date.  

Please note that the listing of these service providers in this Privacy Policy is not a guarantee or undertaking that only these service providers will be used. We may change service providers or add news ones. We make commercial reasonable efforts to update this Privacy Policy to reflect these changes. 

We may store Personal Data for longer periods of time than stated in Section ‎1 above: (i) where we believe we are required to do so to comply with laws or in connection with legal proceedings; (ii) to resolve disputes; (iii) to enforce agreements between us and others; (iv) when the information is related to a potential or actual legal dispute. 

Please note that if we receive Personal Data relating to you in multiple contexts, such as if you have separately provided information or we have another basis to use it, then we may keep such information for the longer of the periods listed in this Privacy Policy. For example, you are a customer or are a representative of a customer who has subscribe to receive our marketing emails but later unsubscribes, then we will retain such information for the period listed in connection with customer or business contact information as described in this Privacy Policy, even if we remove you from the applicable email list.

Subject to certain exceptions and exclusions, the following rights apply to individuals who are located in an EU member states or otherwise protected by the EU General Data Protection Regulation (“GDPR”), as further described below. If you are such a person, then:

You can exercise your rights that apply to us by contacting us by email at [email protected] We may be permitted by law (including the GDPR and local national laws) to refuse or limit the extent to which we comply with your request. We may also require additional information in order to comply with your request, including information needed to locate the information requested or to verify your identity or the legality of your request. To the extent permitted by applicable law, we may charge an appropriate fee to comply with your request.

We transfer Personal Data we receive in or from the European Union (and other locations) to the following countries outside the EU and European Economic Area. If Personal Data from the EU is transferred outside the EU to our affiliates or to third-party service providers, to countries which the European Commission has not determined to adequately protect Personal Data, we take steps to ensure that such Personal Data receives the same level of protection as if it remained within the EU. This includes entering into data transfer agreements and using the European Commission approved Standard Contractual Clauses.

If you are an individual protected by the GDPR, you may contact us in order to obtain additional information regarding the basis for the transfer of Personal Data relating to you to countries outside the European Economic Area. Please note that information or copies of documents we may provide to you in connection with such requests may be limited or redacted in order to protect the rights of third parties or to comply with contractual obligations we may have (such as obligations of confidentiality).

If you are a California resident you have the right under California law to make certain requests in connection with our use of Personal Data relating to you, as described below. To make such a request, please contact us by email at [email protected]. Please note that certain exceptions may apply.

  1. Disclosure of Direct Marketing Practices (“Shine the Light”). Under California Civil Code Section 1798.83, one time per year you may request the following information regarding our disclosure of your Personal Data to third parties for their direct marketing purposes: a list of the categories of the personal information disclosed to such parties during the preceding calendar year, the names and addresses of such third parties, and if the nature of the parties’ businesses is not clear from their names, examples of the products or services marketed by such third parties. This right only applies if our relationship is primarily for your personal, family or household purposes and related to the purchase of our products and services.
  2. Removal of Public Information of Minors. If you are under the age of 18 and have an account with us, under California Business and Professions Code Section 22581, you may request the removal of content or information you have publicly posted on our services that is identified with you or your account. Please be aware that certain exceptions may apply and we may not be able to completely remove all such information.

We do not track individuals’ online activities over time and across third-party web sites or online services (though we do receive information about the webpage you visited prior to access our websites, products and services such as our Website, social media accounts, and advertisement landing pages). We do permit third-parties to track individuals’ online activities on our Site and App, including Google and Facebook which provide us with the analytics and tracking services described above. We do not respond to Web browsers “do not track” signals or similar mechanisms. You can find out more information about do not track signals at:

Our Services may contain links to other websites, products or services offered by third parties (“Third Party Services”). This Policy does not apply to data collected by or on behalf of such third parties, whose privacy practices may differ from ours and who are not under our control. We are not responsible for the actions of such third parties or their data practices. Please review the privacy policies of any such third parties before you interact with them or provide them with Personal Data. 

Furthermore, we are not responsible for the accuracy of information contained on Third Party Services linked to in this privacy policy or from our Services. We refer to such websites for your convenience only.

  1. Personal Data of Children. 

Our Services are not intended for, and we do not knowingly collect Personal Data from persons under the age of eighteen (18). If you believe that a person under the age of eighteen (18) has provided us with Personal Data, or if we have received the Personal Data of such person, please contact us at [email protected].

We do not treat information we collect or receive which is not or cannot reasonably be connected to any particular person or which is anonymized or aggregated such that it can no longer be connected to or used to identify any particular person as “Personal Data”, even if it was originally linked to or stored with Personal Data. Such anonymous information is not subject to this Policy and we may use it for a variety of purposes, may share it with third parties or even publish it for any reason.

For inquiries regarding this Policy, you may contact us as follows:

Commbox Communication and Automation Ltd.

Beit Hakshatot, 

Glil-Yam, 46905


[email protected].


CommBox Recognized as Leaders and High-Performers in the CX Market by G2


Build the customer experience
you always wanted

We have rebranded blank

Thank you BumpYard. Hello CommBox

Say hello to, the intelligent customer communication center for live and automated interactions.

We’re extremely excited to announce that we have changed our company name to CommBox. It’s still the same company with the same awesome people! just a new name, a fresh look, and a brighter future.

Read full story