Protection of Privacy Policy

The Open University of Israel (hereinafter: “the University”) is under the obligation to protect and adhere to regulations governing privacy and the protection of personal information and the management of the information, as this term is defined below, held by the University in accordance with the Protection of Privacy Law 5741 - 1981 and its regulations. Additionally, the University must comply with other applicable statutory provisions and international regulations concerning privacy protection, such as the European Union’s General Data Protection Regulation (GDPR), in circumstances where these statutory provisions and/or rules apply to the University.

Expand All

Introduction

Aim
The aim of a privacy protection policy document is to detail the main points of the privacy protection policy implemented by the University and the rights of the data subjects (students, alumni, people interested in studies, the University’s employees, suppliers, service providers, visitors, and other data subjects) in accordance with the provisions of any law.

Definitions and General Concepts
1. “The Protection of Privacy Law” – the Protection of Privacy Law 5741 - 1981, and the regulations pursuant to it.
2. “Personal or sensitive information” – as defined in the Protection of Privacy Law or the EU Protection of Privacy Regulations: Any information about a natural [JV1] person who is identified or identifiable directly or indirectly, relating, among other matters, to details of the person’s name, address, contact information, identity number, credit card number, location data including their online location, their physical, physiological, genetic, mental, economic, cultural, and social information, as the case may be, and any information about a person’s private life, medical and mental condition, their political opinions and religious beliefs, and their sexual orientation, actions or habits.
3. “Data subject” – the person to whom the information relates.
4. “Processing information” – any activity carried out with the information, whether by automatic or other means, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, disclosure, transmission, distribution, combination, restriction, erasure, and destruction of the information.
5. “GDPR (General Data Protection Regulation)”- the European Union's privacy protection regulations (May 2018): Mandatory provisions regulated by the European Parliament, the Council of the European Union and the European Commission in order to protect data subjects in the territory of the EU with regard to processing personal data of the Union's citizens.
6. “Protection of Privacy Regulations” – Protection of Privacy Regulations (Data Security) 5717 - 2017.)

Interpretation
In a case where it is necessary to interpret any of the terms in this document, they will be interpreted in accordance with the provisions of the Protection of Privacy Law or the EU's privacy protection regulations, as the case may be.

The Owner of the Information and the Data Protection Officer

The Data Protection Officer
For the purposes of privacy protection, including for the purposes of privacy protection according to the EU's privacy protection regulations, the University has appointed a Data Protection Officer (DPO). Part of the DPO’s role is to act to implement the privacy protection provisions and ensure that the University complies with these rules, in coordination with the University’s legal advisor.
The DPO will also serve as the corporate address for inquiries on privacy protection issues. Here are the details of the University’s Data Protection Officer: dpo@openu.ac.il

Principles of Privacy Protection

The purposes of information processing
The information collected and processed by the University is used by it for one or more of these purposes:

Managing academic and administrative information, including maintaining contact with people inquiring about studies and candidates for studies, the students and pupils who study in the University and its alumni, for financial purposes, scholarships and/or for the purpose of student activity.
Managing and running academic or other studies and improving the University’s activity.
To achieve a suitable and supportive learning atmosphere.
The University uses the information collected about studies, including data on course registration, academic progress, grades, completion of assignments and exams, and other academic records. This information is used for the purpose of conducting advanced analyses, including the development of models that help the University provide personalized support and promote student success. We wish to clarify that this information is used solely for internal purposes.
For general research purposes focusing on statistical analyses related to groups of students rather than individual students.
Managing human resources and University personnel, including the recruitment of employment candidates.
Managing the University’s procurement system, including contact with external suppliers.
Maintaining public order and security subject to the provisions of any law.
The use of information is carried out with a strong commitment to protecting the privacy of data subjects and safeguarding the information in accordance with the Protection of Privacy Law (Amendment 13). The University commits not to share the information with third parties, except in the cases specified in Section 4 of Chapter 5 below.

The Data Subject's Rights

Data subjects may request to review the information about themselves and amend incorrect information. Data subjects may also request that information about them used for direct mailing be deleted from the database or that it not be transferred to third parties. The request will be dealt with, subject to the terms and restrictions determined by law and by the University’s procedures.
Please contact the Freedom of Information officer by email with any inquiry or request related to reviewing information: foia@openu.ac.il

Please contact the DPO by email with any inquiry or request related to the data subject's rights: dpo@openu.ac.il

Responsibility and Mechanisms for Implementing the Principles

Security and monitoring
The University makes use of a variety of technological and other measures for security and monitoring, for the purposes outlined in the University’s procedures, including its information security policy and guidelines for the appropriate use of information resources. These security and monitoring activities are conducted in a manner that respects the privacy of the data subject, subject to the provisions of the law.

Cookies and other technologies
The University uses various cookies that are necessary to operate the website, for statistical purposes and to save your preferences. It may also use essentially similar technologies for the ongoing operation of the website. You may configure your browser to allow or disable cookies as you choose.

Cameras
As a rule, the use of cameras in the various campuses for security, teaching, research and work purposes will be carried out in accordance with the provisions of the law and in adherence to privacy protection principles and University procedures.

Transfer of information
The transfer of information between organizations, when necessary, will be carried out while ensuring the protection of privacy. The transfer of information to any third parties whatsoever, whether in Israel or abroad, will occur only in the following circumstances:

The transfer of information aligns with the purpose for which the information was given.
The data subject has agreed to transfer the information.
The transfer of information is carried out according to a judicial order, or according to a mandatory requirement of an official authority subject to the provisions of the law.
The transfer of information complies with the provisions of the law regarding the transfer of information between public bodies.
Reliable third parties assist us in the operation of our services, managing our ongoing activity or providing services to the data subject, under an obligation to maintain confidentiality and uphold the legal rights of the data subjects.

Direct mailing

The University may from time to time send you advertising and marketing information connected to the University or its services. This information will be sent to you in accordance with the law, and you may revoke your consent at any time to stop receiving such messages.

If you are a student, you may opt out at any time through the Sheilta system.

Confidentiality
Any University employee or service provider granted access to information is required to sign a confidentiality agreement that ensures the information remains confidential and is used solely within the scope of their designated duties.

Protection of information and responsibility

The University, along with its database holders and administrators, is committed to securing the information in accordance with the legal security standards applicable to the database, as well as the University’s internal information security protocols and contractual obligations.

We implement safeguards to minimize the risk of damage, data loss, or unauthorized access or use of information, including policy guidelines for University staff and users of its information resources.

Data Retention and Deletion

Information collected by the University will be kept for the time necessary to achieve the purposes for which it was collected, including meeting regulatory, contractual, academic or legal requirements. At the end of the relevant period, the University will take reasonable steps to delete the information or make it unidentifiable, so that it cannot be attributed to the data subject, unless there is a legal requirement or a legitimate need to continue to keep it for a longer period.

The University regularly reviews the necessity of retaining information and employs mechanisms to manage, reduce, and update data in line with the principles of purpose limitation and data minimization.

Changes to the policy
The University may change the provisions of this policy from time to time. Any changes will be communicated by publishing the updated policy on the University’s website or through other means to inform users.