Last updated: December 1, 2025
🛡️ Privacy Policy
This Privacy Policy explains how Emarketmed collects, uses, stores, protects, and processes Personal Data in accordance with applicable Data Protection Laws, including the retained EU law version of GDPR, the UK GDPR, and relevant privacy legislation of Israel and other jurisdictions.
1. Data We Collect
We collect and process the following categories of Personal Data:
- Identification data: full name, email address, phone number.
- Lead data: information submitted via forms, integrations, or CRM sources.
- Technical data: IP address, device type, browser version, cookies (as detailed in our Cookie Policy).
- Operational data: campaign IDs, tracking data, performance metrics.
We do not collect special categories of data (sensitive personal information) unless expressly required and consented to by the data subject.
2. Purpose of Processing
We process Personal Data for the following legitimate business purposes:
- Providing CRM and lead delivery services to our clients.
- Managing and improving the functionality and performance of our platform.
- Ensuring accurate routing, delivery, and secure storage of leads.
- Security monitoring and fraud detection to protect our services and users.
- Fulfilling legal and regulatory obligations.
- Communication with clients, affiliates, and partners regarding our services.
3. Legal Basis for Processing
Our processing activities are based on the following legal grounds, as applicable under GDPR and similar laws:
- Performance of a contract (Article 6(1)(b) GDPR): Processing necessary to provide the services you or our client have contracted us for.
- Legitimate interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, provided they do not override your fundamental rights (e.g., security, platform improvement).
- Compliance with legal obligations (Article 6(1)(c)): Processing necessary to comply with laws, regulations, and court orders.
- Consent (Article 6(1)(a)): Where applicable, we rely on your specific consent (e.g., for certain marketing communications).
4. Where Data Is Stored
Your data is securely stored on:
- AWS EU-West (Paris) data centers: Primary location for database and application servers.
- Cloudflare: Used for DNS resolution, security, and SSL termination.
No data is knowingly transferred outside the EU unless appropriate safeguards (such as Standard Contractual Clauses - SCCs) are in place to ensure a high level of protection.
5. Security Measures
We implement strong administrative, technical, and physical safeguards designed to protect your Personal Data from unauthorized access, disclosure, alteration, and destruction:
- Encrypted HTTPS communication (TLS) across all platform endpoints.
- Firewall and access rules enforced via AWS Security Groups.
- Database accessible **only via localhost** or restricted internal networks.
- **No public DB endpoints** are exposed.
- IAM policies (Identity and Access Management) for least-privilege access.
- Encryption at rest (e.g., EBS volumes, RDS storage).
- Regular **audit logs and monitoring** for security events.
6. Data Retention
Personal Data is retained only as long as necessary to:
- Provide the requested services.
- Comply with specific legal or regulatory requirements (e.g., tax, audit).
- Maintain accurate business records for legitimate purposes.
Specific retention periods are defined in our internal Data Retention & Deletion Policy.
7. Data Subject Rights
Depending on your jurisdiction, users may have the following rights regarding their Personal Data:
- Access: The right to obtain a copy of your data.
- Rectification: The right to correct inaccurate or incomplete data.
- Erasure ('Right to be Forgotten'): The right to request deletion of your data.
- Restriction: The right to limit the way we use your data.
- Portability: The right to receive your data in a structured, commonly used format.
- Objection: The right to object to processing based on legitimate interests.
Requests to exercise these rights can be submitted to: [email protected]
8. Sharing of Personal Data
We share data only with trusted third parties who require it to perform services on our behalf and are bound by strict contractual obligations:
- Hosting providers (AWS): For infrastructure and storage.
- Security services (Cloudflare): For network security and content delivery.
- Contracted processors: Third-party services supporting essential CRM functions (e.g., data validation).
We do not sell Personal Data to third parties.
9. Contact Information
For any inquiries or concerns regarding this Privacy Policy, your data protection rights, or our processing activities, please contact us: