RIPPLES LTD.

PRIVACY POLICY

This WebApp is operated by Ripples Ltd. (“Ripples”).

This Privacy Policy explains our privacy practices for processing Personal Data on our Website, WebApp and Mobile Application and Services. We process Personal Data as described in this Policy.

We are committed to protecting your privacy and processing your Personal Data fairly and lawfully in compliance with applicable data protections laws. You can access our full Privacy Policy below to help you better understand how we collect and use Personal Data pertaining to each of our Users. In it, we explain in more detail the types of Personal Data we collect, how we collect it, what is the legal basis of collection, what we may use it for, who we may share it with, what our retention periods are and what are your rights in relation to the Personal Data we collect.

Within the Privacy Policy you will find some specific examples of why and how we use your Personal Data.

Read this policy and make sure you fully understand our practices in relation to your Personal Data, before you access or use the Website, WebApp or Mobile Application. If you read and fully understand this Privacy Policy, and remain opposed to our practices, you must immediately leave this Website, WebApp, Mobile Application or Service, and avoid or discontinue all use of the Website, WebApp and Mobile Application. If you have further questions or concerns regarding this policy please contact us at: info@drinkripples.com.

FULL PRIVACY POLICY

Ripples Ltd. (“Ripples”, “we”, “our” or “us”) provides this Privacy Policy, as will be updated from time to time (our “Policy” or “Privacy Policy”) to inform the visitors of our Website, users of our WebApp and Mobile Application and users of our Ripple Maker machines (“you” or “User”) of our policies and procedures regarding the collection, use and disclosure of Data we receive when you use the Website, WebApp, Mobile Application and Ripple Maker machines.

1. DEFINITIONS:

“Personal Data” means any data that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual.

“Non Personal Data” means Data that does not personally identify you and does not reveal your specific identity as an individual, and/or cannot reasonably be attributed to the User (such as your browser type, technical device information, etc.)

“Data” means Personal Data and/or Non Personal Data.

“Visitor” or “User” or “you” means visitors and users of our Website, WebApp and Mobile Application and individual employees or other personnel of our customers who are registered users of the Ripples Maker machines.

“Ripples Maker” means our machine enabling printing photos, logos and designs on foam-based drinks.

“Services” means use of our Ripple Maker machines.

“Website” means our public website available at www.drinkripples.com providing details regarding the Services we provide.

“WebApp” means our web based application that enables consumers to scan a QR code at a bar or restaurant, and send pictures from their mobile phone to the Ripple Maker for printing.

“Mobile Application” means our app which can be downloaded from the virtual stores and enables sending pictures to the Ripple Maker for printing.

This Policy was originally written in English. If you are reading a translation and it conflicts with the English version, please note that the English version prevails.

2. WHEN DOES THIS PRIVACY POLICY APPLY

This Privacy Policy applies to Personal Data that we collect about you, use or otherwise process regarding your relationship with us as a visitor of our Website, or User of our WebApp or Mobile Application.

3. THE TYPES OF PERSONAL DATA THAT WE COLLECT

PERSONAL DATA THAT YOU PROVIDE US

While browsing our Website or using our WebApp and Mobile Application and in the course of using the Services, you or others will provide us with Personal Data as part of the Services and personal Data related to you that is added to the Services, such as photos you upload to our WebApp and Mobile Application, registration and log in information and any other means. This personal Data may include your contact details such as: name, email, phone number, country and technical details of the site the User manages and for whom he/she wants to enquire more information about our Services. For Users of the WebApp and Mobile Application this Personal Data is primarily photos uploaded. To use the WebApp and Mobile Application Users need to provide access to their location; however, this information is not collected by Ripples.

NON PERSONAL DATA

In addition to the categories of Personal Data described above, we may also process Non Personal Data. We may collect this Non-Personal Data through the Website, WebApp and Mobile Application in the following ways:

o Data that your browser or application sends when you visit a website, app or online service (“Log Data”). This Log Data may include, but is not limited to, non-identifying Data regarding the User’s device, operating system, internet browser type, screen resolution, language and keyboard settings, internet service provider, referring/exit pages, date/time stamps, the web page you were visiting and Data you search, etc.
o We may use automated devices and applications to evaluate usage of our Service. We use these tools to help us improve our Services, performance and user experience. We may also engage third parties to track and analyze data or provide other services on our behalf. Please see below Section 7 for more information about cookies and Data collection by automated means.

4. HOW WE USE PERSONAL DATA

Personal Data is used for the following primary purposes (as may be updated from time to time): to (i) provide and operate the Services; (ii) monitor and analyze use of the Services and study and analyze the functionality of the Services; (iii) to provide ongoing customer assistance, technical support and maintain the Services; (iv) provide service announcements and notices, promotional messages and market our Services; (v) enforce our terms of use, policies and other contractual arrangements, to comply with court orders and warrants, and prevent misuse of the Services, and to take any action in any legal dispute and proceeding.; (vi) better understand your needs, both on an aggregated and individualized basis, in order to further develop, customize and improve our Services based on Users’ preferences, experiences and difficulties; (vii) communicate with you and contact you to obtain feedback from you regarding the Services; (viii) disclose to third party vendors, service providers, contractors or agents who perform functions on our behalf with respect to the Services; (ix) to create aggregated statistical data and other aggregated and/or inferred Non-Personal Data, which we or our business partners may use to provide and improve our Website, WebApp or Mobile Application; and (x) as otherwise authorized by you.

We may use your email address you provided us to contact you when necessary, including in order to send you reminders, offers and to provide you information and notices about the Services. If under applicable law we need your separate consent for sending marketing e-mails and text messages, we will obtain your consent as required. At any time, you may choose (opt out) whether your Personal Data is to be used for sending such marketing materials which are not an essential part of the Services. You may exercise your choice by contacting us at: info@drinkripples.com.

5. HOW WE USE NON PERSONAL DATA

We may use Data that is Non Personal Data for the same purposes we use Personal Data (where applicable) and in addition in order to (i) compile anonymous or aggregate information, (ii) disclose to third party vendors, service providers, contractors or agents who perform tasks on our behalf in connection with the Services, (iii) monitor and analyze use of the Services and for the technical administration and troubleshooting of the use of the Services, (iv) testing, development, improvement, control and operation of the Services, Website, WebApp and Mobile Application; and (v) provide us with statistical and analytical data.

6. COOKIES AND INFORMATION COLLECTED BY OTHER AUTOMATED MEANS

o If you browse or use our Website, WebApp and Mobile Application, we may collect Personal Data. This may include (by way of a non-exhaustive list): your computer’s Internet Protocol address, mobile device ID and your location through the use of “cookies”. A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes. We use cookies to enable certain features of the Services, to better understand how you interact with the Website, WebApp and Mobile Application and to monitor web traffic routing and aggregate usage of the Services. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the website you visit. If you do not accept cookies, however, you may not be able to use all portions or all functionality of the Services.
o We may use GIFs or equivalent file formats in order to collect Data. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages.
o We may use automated devices and applications and analytics tools, such as Google Analytics, to evaluate usage of our Service and understand users’ behavior on our Website, WebApp or Mobile Application, including by tracking page content, and click/touch, movements, scrolls and keystroke activities.. We use these tools to help us improve our Services, performance and user experience. We may also engage third parties to track and analyze Service data or provide other services on Our behalf. Such third parties may combine the Data that We provide about you
with other Data that they have collected. This Policy does not cover such third parties’ use of the data. The privacy practices of these tools are subject to their own policies and they may use their own cookies to provide their services. We use Google Analytics. For information about how Google uses the information provided to Google Analytics see https://www.google.com/analytics/terms/. Depending on your browser, you may control the information provided to Google by using the Google Analytics opt out browser add-on (if any).
o From time to time, we may use additional or alternative analytics services. We will provide a notice of these changes on our Website, WebApp and Mobile Application, as appropriate.

7. SHARING DATA WITH OTHERS

We do not sell, rent or lease your Personal Data.

o Service providers and business partners. We may share your Personal Data with service providers and other third parties, if necessary to fulfil the purposes for collecting the Data, such as cloud or hosting vendors, subcontractors providing us processing services, etc., provided that any such third party will commit to protect your privacy as required under the applicable laws and this Policy.
o Customers. When you upload a photo through one of the channels offered by us in order for it to be printed on a drink through the Ripples Maker, you agree to share such photo and your Personal Data with the provider of your drink (coffee shop, bar, restaurant, etc.). We are not responsible for the privacy practices of such providers, and we encourage you to inquire directly about such privacy practices.
o Enforce Our Rights. We may transfer Personal Data in order to take any action in case of dispute involving you with respect to the Website, WebApp, Mobile Application and/or Services.
o Business Transfer. A merger, acquisition, financing, reorganization, joint venture or any other structural change may require us to transfer your Personal Data to another entity, provided that the receiving entity will comply with this Policy.
o Compliance with laws and authorities. We may need to disclose Personal Data in response to lawful requests by public authorities or law enforcement officials, including meeting national security or law enforcement requirements. We cooperate with government and law enforcement officials to enforce and comply with the law.

8. TRANSFER OF DATA OUTSIDE YOUR TERRITORY

We may store, process or maintain Data in various sites worldwide, including through cloud-based service providers worldwide. Where the GDPR applies and we transfer Personal Data to another country outside the EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements. In relation to data being transferred outside of the EEA, for example, this may be done in one of the following ways:
o the country that we send the data to might be approved by the European Commission as offering an adequate level of protection for Personal Data (Israel is an approved country);
o the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obligating them to protect your Personal Data; or
o in other circumstances the law may permit us to otherwise transfer your Personal Data outside the EEA.

You can obtain more details of the protection given to your Personal Data when it is transferred outside the EEA (including a copy of the standard data protection clauses which we have entered into with recipients of your Personal Data) by contacting us as described in Section 16 below.

If you are located in a jurisdiction where transfer of your Personal Data to another jurisdiction requires your consent, then you provide us your express and unambiguous consent to such transfer or the storage, processing or maintenance of the Data in other jurisdictions by using the Services.

9. YOUR RIGHTS

In all of the above cases in which we collect, use or store your Personal Data, you may have the following rights and, in most cases, you can exercise them free of charge. Your rights may differ depending on your jurisdiction.

At any time, you may contact us at: info@drinkripples.com and request to know what Personal Data we keep about you. We will make good-faith efforts to locate the Personal Data that you request to access.

Under your right of access, you may obtain confirmation from us of whether we are processing Personal Data related to you, receive a copy of that data, so that you could verify its accuracy and the lawfulness of its processing, request the correction, amendment or deletion of the data if it is inaccurate, incomplete, outdated or processed in violation of applicable law.

However, we may retain certain Personal Data as deemed required by us in accordance with applicable laws, or for legitimate business reasons, for the duration as required under applicable laws.
In addition, we may delete any Personal Data pursuant to our policies, as in effect from time to time.

10. RESPONSE TO REQUESTS

When you ask us to exercise any of your rights under this Policy and the applicable law, we may need to ask you to provide us certain credentials to make sure that you are who you claim you are, to avoid disclosure to you of Personal Data related to others and to ask you questions to better understand the nature and scope of Personal Data that you request to access. We may redact from the Personal Data which we will make available to you, any Personal Data related to others.

11. DATA SECURITY

We take the safeguarding of the Personal and Non Personal Data very seriously, and use a variety of systems, applications and procedures to protect the Data from loss, theft, damage or unauthorized use or access when it is in our possession or control, including reasonable physical, technical and organizational measures which restrict access to the Data. These measures provide sound industry standard security. However, although we make efforts to protect your privacy, we cannot guarantee that the Services will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.

We also regularly monitor our systems for possible vulnerabilities and attacks, and regularly seek new ways and for further enhancing the security of our Services and protection of our Users’ privacy.

You should take steps to protect against unauthorized access to your password, mobile device and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. In addition, you should take steps to protect against unauthorized access to Personal Data stored on your premises as well as defining limited access rights to such Data on a need to know basis.

If you receive an e-mail asking you to update your information with respect to the Website, WebApp or Mobile Application do not reply and please contact us at info@drinkripples.com

12. DATA RETENTION

We retain different types of Data for different periods, depending on the purposes for processing the Data, our legitimate business purposes as well as pursuant to legal requirements under the applicable law. We may retain Personal Data for as long as necessary to support the collection and the use purposes under this Policy and for other legitimate business purposes, for example, for storing data, for documentation, for cyber-security management purposes, legal proceedings and tax issues. We may store aggregated Non Personal Data without time limit. In any case, as long as you use the Services, we will keep Personal Data about you, unless we are legally required to delete it, or if you exercise your rights to delete the Personal Data.

13. CHANGES TO THIS PRIVACY POLICY

We may change the terms of this Privacy Policy from time to time by posting notice on our Website, WebApp or Mobile Application. The new privacy policy will be effective from the date mentioned at the bottom page of the new policy.

Your continued use of the Website, WebApp or Mobile Application following such notice shall constitute your consent to any changes made and a waiver of any claim or demand in relation to such changes. If you do not agree to the new or different terms, you should not use and are free to discontinue using the Website, WebApp or Mobile Application.

14. APPLICABLE LAW AND DISPUTE RESOLUTION

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Israel, without regard to its conflict of law provisions.

The courts of the Tel Aviv – Jaffa district shall have exclusive jurisdiction in all disputes and proceedings arising from this Privacy Policy.

15. CONTACT US

For further information about this Policy, please contact us at info@drinkripples.com

We work hard to handle your Data responsibly. If you are unhappy with the way we do this, please contact us and we will make good-faith efforts to address your concerns. We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from us, you may escalate concerns to the applicable privacy regulator in your jurisdiction. Upon request, we will provide you with the contact information for that regulator.

Ripples Ltd. All rights reserved.
Last Updated: September 2, 2020