1. We understand and appreciate how important the protection of your personal data and information are. This privacy policy deals with the protection of your personal information and data in accordance with EU regulation 2016/679 of the European Parliament and of the Council dated 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, ie, the General Data Protection Regulation (“GDPR”).

  2. Our compliance with the GDPR gives you more control over how your personal information and data are used and processed and also significantly simplifies the procedures for processing your personal data and information.

  3. We provide this Privacy Policy to inform you of our policies and procedures regarding the collection, use, protection, processing and disclosure of your personal information received from you during the course of your use of this website https://www.theshabbosproject.org/. This Privacy Policy also informs you of your rights and choices with respect to your personal data and information, and how you can reach us to update your data and information or obtain answers to questions you may have about our privacy procedures, processes and practices.

  4. At the end of the day: “It’s all about trust.” The protection of your personal data and information are a very important concern for you; and your trust in digital environments remains low, according to various surveys. Therefore, we are obliged to adequately protect your personal data and information. Furthermore, we, as an organisation, do not wish to risk losing your trust in us and how we deal with your vital personal data and information. In this way, we hope that we can encourage you to use our current and future products and services.

  5. The GDPR sets out certain rules and principles relating to the protection of natural persons with regard to the processing of personal data and information and rules relating to the free movement of such personal data. Furthermore, the GDPR protects fundamental rights and freedoms of natural persons and, in particular, the right to the protection of personal data and information. The free movement of personal data within the European Union will be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data or information.

  6. We are obliged to comply with the GDPR because, at least, you (as a data subject) could be found in the European Union and, as such, we process personal data or information from a natural person living in the European Union, with the processing activities related to:
    1. The offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the European Union; or
    2. The monitoring of data subjects’ behaviour as far as their behaviour takes place within the European Union.

  7. Additionally, because we process personal data and information in a place where potential member state law applies by virtue of public international law, we must comply with the GDPR.

  8. The main purpose of our websites is to provide information and services to our visitors. Additionally, we collect, use and process your personal information and data for the following purposes:
    1. To send you downloadable, educational materials relating to Shabbos and The Shabbos Project;
    2. To send you information on how to run your own Shabbos Project event;
    3. To send you information on other Shabbos Project events happening around the world;
    4. To send you marketing material relating to The Shabbos Project;
    5. To send you details of our various social media pages, and how to subscribe to them;
    6. To obtain your consent to subscribe to the services contained in this clause; and
    7. For reporting and statistical purposes, including for the provision of donor reports.

  9. In compliance with the GDPR, we process your personal information and data lawfully, fairly and in a transparent manner (see below).

  10. We collect and process your personal information and data for a specified, explicit and legitimate purpose and are not further processed in a manner that is incompatible with this purpose (see below).

  11. We collect and process your personal information and data in an adequate, relevant and limited manner to what is necessary in relation to the stated purposes (see below).

  12. We keep accurate and, where necessary, up-to-date information and data relevant to you; and every reasonable step is taken to ensure that the personal data and information that you provide to us, which is either inaccurate or out-of-date, having regard to the stated purpose (see below) is deleted, erased, de-identified/de-personalised or rectified without delay (see below).

  13. We keep your personal data and information in a form which permits identification of you, as a data subject, for no longer than is necessary for the stated purposes (see below); and your personal data and information may only be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; subject to the implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard your rights and freedoms (see below).

  14. We process your personal data and information in a manner that ensures appropriate security of such personal data and information, including protection against unauthorised or unlawful processing and against accidental loss or destruction or damage, using appropriate technical and/or organisational measures.

  15. Ultimately, we are responsible for compliance with the GDPR; and it is to us that we request that you turn first should you feel that your personal data or information has been processed or used inappropriately or abused by us or any third party.

  16. By ticking the checkboxes associated with this document and website, you give your complete, informed and unequivocal consent to the collection and processing of your personal data and information for the specific purposes detailed below.

  17. What personal information or data do we process?
  1. For the purpose of this Privacy Policy, “personal information and data” means any information relating to an identified or identifiable individual.

  2. We do process personal information or data of children or minors. In this regard, if the data subject is a child and is at least 16 years old, s/he must obtain the consent of his/her parent, guardian or holder of parental responsibility over the child, in order for the child’s personal informåation and data to be processed. We take all reasonably practical efforts to verify that the required consent or authorisation is given by the parent, guardian or holder of parental responsibility over the child.

  3. We do not process special categories of personal data or information (“special personal information”).

  4. We process your personal data and information on the basis of consent, and as such, we are always able to demonstrate to you that you have given such consent.

  5. You have the right to withdraw your consent at any time by simply sending an email to [email protected]. This withdrawal will not affect the lawfulness of the processing of your personal data and information based on consent prior to such withdrawal. Additionally, at any stage, you may access our website and withdraw your consent.

When do we process your personal information or data without your consent?

  1. We may process your personal information or data without your consent in the following circumstances:
    1. Where it is necessary for the performance of a contract to which you are a party wall in order to take steps at your request prior to entering into a contract;
    2. Where it is necessary for compliance with a legal obligation to which we are subject;
    3. Where it is necessary in order to protect your vital interests or that of another natural person;
    4. Where it is necessary for the performance of a task carried out in the public interest;
    5. When you unsubscribe to one of our services; and/or
    6. Where it is necessary for the purposes of the legitimate interests pursued by us or by a third party, except when such interests are overridden by your interests or fundamental rights and freedoms, which require protection of personal data.

How do we process your personal information and data?

  1. We process your personal data and information by both automated and non-automated means.
    1. We are obliged to take appropriate measures to provide any information referred to in this document, relating to the processing of your personal data and information, in a concise, transparent, intelligible and easily accessible form, using clear and plain language. The information will be provided in writing, or by other means, including, where appropriate, by electronic means. You have the right to request information both verbally, in writing or by any other means that you wish.
    2. We will not refuse to act on a request by you, exercising your rights under the GDPR, unless we can prove that we are not able to identify you as the data subject.
    3. We must provide information on actions taken on a request by you, without undue delay, and in any event, within one (1) month of receipt of such a request. This period may be extended by two (2) further months, where appropriate, taking into account the complexity and number of requests that we receive. We must inform you of any such extension within one (1) month of receipt of your request, together with reasons for the delay. Where you make a request by electronic means, the requested information will be provided by electronic means where possible, unless otherwise requested by you.
    4. If we do not take action on a request by you, we must inform you without delay and at least within one (1) month of receipt of your request of the reasons for not taking action and on the possibility of lodging a complaint with supervisory authority and/or seeking a judicial remedy.
    5. We must provide such information for free, unless the request for such information is manifestly unfounded or excessive, in particular, because of repetitive requests. In such a situation we may charge a reasonable fee, taking into account the administrative costs of providing informational communication or taking the necessary action requested; or refusal to act on the request. Ultimately, we bear the burden of demonstrating the manifestly unfounded or excessive nature of the request.
    6. We have reasonable doubts concerning the identity of the natural person making the request referred to above; we may request that you provide us with additional information necessary to confirm your identity.
    7. The information that we provide may be provided in combination with standardised icons in order to give such information an easily visible, intelligible and clearly legible and meaningful overview of the intended processing. Where the icons are presented electronically, they must be machine-readable.
    8. In relation to point 22, you may be asked to provide personal identifiable information such as your name, physical and/or postal address, email address and cell phone number.
    9. We do not sell, rent, swap or otherwise share our mailing lists, ie, your personal data and information with external organisations. However, we may, from time to time, be required to share and exchange your personal information with our associated or affiliated companies and organisations and under certain other legal obligations (see below).

How may we use your personal information or data?

  1. We may use your personal information or data that we obtain about you to:
    1. Create and manage your account, provide our services, and respond to your inquiries;
    2. Manage account authentication;
    3. Communicate with you in order to verify your account and its details and for informational and operational purposes, such as account management, system maintenance, including by periodically emailing you service-related and other announcements about the Chief Rabbi’s projects and related projects;
    4. Aggregate your data and information for analytical purposes;
    5. Send you marketing communications from us or our affiliated and associated companies and organisations;
    6. Ensure the security of our services and websites;
    7. Enforce our agreements and legal rights; and
    8. Comply with our legal obligations in terms of law, industry standards and our policies.

  2. In terms of the GDPR (and the Electronic Communications and Transaction Act (“ECTA”), we are required to disclose the following information to you:
    1. We, as the data controller, are The Shabbos Project;
    2. Our contact numbers are
      United States
      +1 718 509 9280
      United Kingdom
      +44 20 32 86 8810
      South Africa +27 11 880 0099
      Israel +972 53 220 4909
      France (+33) 1 774 79 818;
    3. Our general contact email is [email protected];
    4. We keep and store your personal data and information until such time as you decide actively to withdraw your consent;
    5. You have the right to request from us access to and rectification, de-identification or deletion of your personal data and information or any restriction of processing concerning your personal data and information; or to object to the processing of such data and information as well as the right to move your data to another processing entity, company or organisation; and
    6. You have the right to withdraw consent at any time; however, this does not affect the lawfulness of the processing of your personal information and data based on your prior consent given before the withdrawal.

  3. We use automatic decision-making technologies, including profiling.

  4. You have the right to obtain from us confirmation as to whether or not your personal data and information has been or is being processed by us and, where that is the case, to obtain access to such data or information and the following additional information, where it differs from what is stated above:
    1. The purpose of the processing;
    2. The categories of personal data concerned;
    3. The recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular, recipients in third countries or international organisations;
    4. Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
    5. The existence of the right to request from us rectification or erosion of personal data and information restriction of processing of personal data concerning you or your right to object to such processing;
    6. The right to lodge a complaint with the supervisory authority;
    7. With the personal data not collected from you, any available information as to the source;
    8. The existence of automated decision-making, including profiling, and at least, in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject;
    9. Where your personal data and information are transferred to third party country or to an international organisation, you have the right to be informed of the appropriate safeguards relating to such transfer;
    10. We are obliged to provide you with a copy of the personal data and information undergoing processing;
    11. Should you wish to obtain further copies of your personal data or information, we may charge a reasonable fee based on administrative costs associated with the provision of this data or information. Where you make such request by electronic means, and unless otherwise requested by you, information and data that we hold and process will be provided by email; and
    12. This right to obtain a copy cannot adversely affect the rights and freedoms of others and we will ensure this does not happen.
  1. You have the right to obtain from us, without undue delay, correction of inaccurate or incorrect personal data and information concerning yourself only. Taking into account the purposes of such processing, you have the right to have incomplete personal data completed by providing us with a supplementary statement.

Updates to this Privacy Policy

  1. This Privacy Policy may be updated from time to time for any reason; each version will apply to the data and information processed while it was in place. We will notify you of any modifications to our Privacy Policy by posting the new Privacy Policy on our website and indicating the date of the latest version. You are advised to consult this the Privacy Policy regularly for any changes.

  2. In the event that modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change; for example, we may send you a message using email or generating a pop-up or similar notification on the website or in our newsletter and other communications with you.

  3. Your continued use of the services and the websites after the revised Privacy Policy has become effective indicates that you have read, understood and agreed to the most current version of this Privacy Policy.