The Open University of Israel's Privacy Policy

Objective

The purpose of this Privacy Protection Policy is to set forth the principal provisions implemented by the services as well as to specify the rights of data subjects (students, alumni, applicants, candidates, suppliers, donors, service providers, visitors, users, and any other individuals whose personal data may be processed) pursuant to applicable law.

Consent

In order to provide the services described in this Privacy Protection Policy, it is necessary for us to process the personal data you provide. Please be advised that you are under no statutory obligation to furnish such data, and its provision is entirely voluntary. Nevertheless, refusal to provide the requisite data or to grant the necessary consent may result in our inability to deliver certain services or to facilitate your participation in specific activities.

You have the right to withdraw your consent at any time. Upon receiving such request, we will take the necessary steps in accordance with applicable law.

Definitions and General Concepts

1. “The Protection of Privacy Law” – the Protection of Privacy Law  1981, and the regulations pursuant to it.
2. “Personal information” – as defined in the Protection of Privacy Law: Data relating to an identified or identifiable person. For the purposes of this definition, an “identifiable person” is an individual who can be identified, either directly or indirectly, through reasonable means, including through an identifier, such as a name, identification number, biometric identifier, location data, online identifier, or by one or more factors specific to the individual’s physical, health, economic, social, or cultural identity.
3. “Data subject” – the person to whom the information relates.
4. “Processing / Use of Information” – any operation or set of operations performed on personal information, whether by automated means or otherwise, including inter alia, obtaining, collecting, recording, organizing, storing, copying, retrieving, reviewing, using, disclosing, making available, transferring, delivering, or otherwise granting access to such information.
5. “Protection of Privacy Regulations” – the Protection of Privacy Regulations (Data Security)  2017.

Interpretation 

In the event that any term in this Policy requires interpretation, such term shall be construed in accordance with the provisions of the Protection of Privacy Law. 

The Data Controller

For the purpose of the Privacy Protection Law and this privacy policy, The Open University is a database controller which stores personal information collected as part of the services. Its details are – 

Address: 1 University Road, Ra’anana

Telephone: 09-7782222 or *3500

Contact The Open University

E-mail: dpo@openu.ac.il.

The Data Protection Officer

For the purposes of privacy protection, the University has appointed a Data Protection Officer (DPO). Part of the DPO’s role is to implement the privacy protection provisions and ensure that the University complies with these rules, in coordination with the University’s legal advisor. 

The DPO will also serve as the point of contact for inquiries on privacy protection issues. Below are the details of the University’s Data Protection Officer: dpo@openu.ac.il.

The purposes of information processing 

The University collects and processes information collected and processed to use for one or more of these purposes:

1. Services and Operations Management – for the purpose of identifying users, managing accounts, processing orders and procurements of the Lamda Library, registering and handling applications to the OPala Parents’ Club and other services offered, joining curricula or participating in activities on graduate sites, and accessing all services provided by the various websites under the University’s responsibility.
2. Managing academic and administrative information, including maintaining contact with individuals inquiring about academic programs, prospective students, current students, and pupils enrolled at the University, and alumni, for purposes including but not limited to financial administration, scholarship processing, and facilitation of student activities. Managing and running academic or other studies and improving the University’s activity.
3. To achieve a tailored and supportive learning atmosphere and improve service
   The University uses the information collected about studies, including data on course registration, academic progress, grades, completion of assignments and exams, and other academic records, for the purpose of conducting advanced analyses, including the development of models that help the University provide personalized support and promote student success. We wish to clarify that this information is used solely for internal purposes. 
4. Receiving Donations and Financial Management – In projects related to donations, personal information is used for recording donations, issuing receipts, and managing financial transfers, while ensuring transparency and compliance with legal requirements.
5. For general research purposes, focusing on statistical analyses related to groups of students rather than individual students. 
6. Hiring management and accepting job candidates.
7. Managing the University’s procurement system, including contact with external suppliers.
8. For the purposes of ensuring security and safety, security cameras are installed on University premises to protect the facilities, students, staff, and visitors, in accordance with applicable legal provisions.
9. Complying with legal and regulatory requirements, including reports to the certified authorities, fulfilling Israeli and foreign statutory obligations, and compliance with privacy, information security, academic reporting, and financial regulatory requirements.
10. Managing technology and information infrastructure systems, including information systems security, monitoring of activity for cybersecurity purposes, backup, control, and proper operation of digital services.
11. Communications and updates, including notifications to students, candidates, and alumni, distributing academic and organizational information, invitations to events, and institutional publications.
12. Maintaining public order and security subject to applicable legal requirements.

Data subjects may request to review the information about themselves or to amend and/or delete incorrect and/or outdated information. Data subjects may also request that information about them used for direct mailing be deleted from the database or not be transferred to third parties. The request will be handled subject to the terms and restrictions prescribed by law and the University’s procedures.

University students: It is important to note that most of the information managed through the Sheilta system, including the ability to opt out of direct mailings by type of information, can be accessed there. We recommend that students log in to the Sheilta system to review or update their information, and/or remove their details from direct mailing lists. If the information you are looking for is not available through the Sheilta system, you may contact the Privacy Protection Officer at the address provided below:

Please contact the DPO by email with any inquiry or request related to the data subject's rights at dpo@openu.ac.il.

Please contact the Freedom of Information Officer for any request or inquiry related to reviewing information pursuant to the Freedom of Information Law, 5758-1998, at foia@openu.ac.il.

Transfer of information to third parties

The transfer of information between organizations, when necessary, will be carried out while ensuring the protection of privacy. The transfer of information to any third parties, whether in Israel or abroad, will only occur in the following circumstances:

• The transfer of information aligns with the purpose for which the information was given.
• The data subject has agreed to transfer the information.
• The transfer of information is carried out according to a judicial order, or according to a mandatory requirement of an official authority, subject to the provisions of the law.
• Transfer of information to authorized entities, including the Council for Higher Education in Israel, the Ministry of Education, supervisory bodies, the Israel Tax Authority, and law enforcement authorities, shall be carried out in accordance with the applicable legal provisions governing the transfer of information between public bodies, as required and binding under the law. 
• Trusted third-party service providers assist in the operation of our services, the management of our ongoing activities, and the provision of services to data subjects. These may include providers of information systems, payment processing, data storage, and external consultants. All such engagements are conducted under strict confidentiality obligations and in full compliance with applicable laws, while ensuring the protection of data subjects' rights.
• Research bodies and academic colleagues for the purpose of carrying out collaborative studies or scientific activity, provided that the information transferred complies with the rules of ethics and the law (in appropriate cases, after anonymization or pseudonymization). 
• Foreign academic institutions – for the purpose of student exchanges, joint programs, or international studies, subject to the provisions of the law, including the mechanisms for the international transfer of information pursuant to the GDPR, as applicable. 
• Insurance companies, financial institutions, and scholarships – in cases in which it is necessary to transfer information for the purpose of exercising the rights of students, visitors, donors, etc.

Security and monitoring 

The University employs a variety of technological security, monitoring, and other measures to ensure information security and to comply with legal requirements, including University procedures, its information security policy, and the proper use of information resources. These monitoring and security measures are implemented in a manner that safeguards the privacy of data subjects and remains in compliance with applicable laws.

Cookies and other technologies

The University uses various cookies that are necessary to operate the website, for statistical purposes, and to save your preferences. It may also use essentially similar technologies for the ongoing operation of the website. You may configure your browser to allow or disable cookies as you choose.

Cameras

As a rule, the use of cameras in the various campuses for security, teaching, research, and work purposes will be carried out in compliance with applicable laws and in adherence to privacy protection principles and University procedures.

Direct mailing

The University may, from time to time, send you advertising and marketing information related to the University or its services. This information will be sent to you pursuant to the law, and you may revoke your consent at any time to stop receiving such messages. 

If you are a student, you may opt out at any time through the Sheilta system.

Information security and confidentiality

The Open University is committed to protecting information confidentiality. The employees, faculty, and external suppliers operating on its behalf are committed to protecting confidentiality pursuant to internal agreements and procedures. The University implements organizational, physical, and technological security measures to reduce the risk of compromising information. They include the use of encryption, identification and authorization measures, firewalls, and traffic monitoring and authorization management tools, and the latest defenses pursuant to the Protection of Privacy (Data Security) Regulations, 2017.

Nonetheless, no system is completely immune to hacking or malfunction. Therefore, users should take care to keep their passwords and access details confidential, choose strong passwords, avoid sharing them with others, and exercise caution when using public or shared devices. If there is any concern about unauthorized exposure of access details, users should notify the Mashov Center as soon as possible so that appropriate protective measures can be taken.

Links to external sites

The Open University’s websites may include links to websites, services, and content that are not operated by the University, such as the Students’ Union, social media, and/or external parties (for example, the Israel Inter-University Computation Center – Mahba). These links are provided for users’ convenience only, do not constitute a recommendation, and the University bears no responsibility for them.

The University does not control or supervise the content, services, information collection practices, or protective measures of these external sites and is therefore not liable for any damage or infringement that may result from their use. Users who choose to access external websites through our site are advised to review the privacy policies and terms of use of those sites and to exercise their discretion.

Data Retention and Deletion

Information collected by the University will be retained for as long as necessary to fulfill the purposes for which it was collected, including compliance with regulatory, contractual, academic, or legal obligations. Upon the conclusion of the applicable retention period, the University will take reasonable measures to delete the information or anonymize it, such that it can no longer be associated with the data subject, unless there is a legal obligation or a legitimate interest requiring its continued retention.

The University regularly reviews the necessity of retaining information and employs mechanisms to manage, reduce, and update data in line with the principles of purpose limitation and data minimization.

Changes to the policy

The University may change the provisions of this policy from time to time. Any changes will be communicated by publishing the updated policy on the University’s website or through other means to inform users.