You can jump to particular topics by going to the headings below:
- Information We Collect and How We Use It
- Sources of Personal Information
- Information Disclosure
- Data Security
- Data Retention
- Data Integrity
- EEA Users
- Third-Party Links
- Legal Justification and Consent to Processing
- Children and Minors
- Governing Law and Jurisdiction
- Contacting Us
1. Information We Collect and How We Use It
The types of Personal Information we collect about you depends on how you interact with us. Depending on the Services you use, the following are the categories and specific types of Personal Information that we collect, and have collected, as well as how we use it:
1.1 Usage Information. We may collect and automatically process meta data in connection with your use of the Services (“User Data“). User Data may include your IP address, user setting, location, type of browser and version, operating system or device, referral source, visit length, page views and Website navigation paths, as well as information about the frequency and timing of your use of the Service. An IP address is a numeric code that identifies your browser on a network, or in this case, the Internet. Your IP address is also used to gather broad demographic information. User Data may be processed for the purposes of analyzing the use of the Services, including the usage trends and preferences of our users, operating our Website, and improving and customizing the Services.
1.2 Your Contact Information. When registering on our Website or other create an account or profile using the Services, you may be asked to provide your name, email address, mailing address, telephone number, role within your enterprise or other details (“Entered Data“). You are the source of such Entered Data, and such data may be processed for the purposes of providing the Services, ensuring the security of the Services, and communicating with you.
1.3 User Communications. We may process information contained in any enquiry or communication you submit to us regarding the Services (“Enquiry Data“). When subscribing to Cato’s mailing lists on our Website or otherwise requesting us to contact you, we collect your phone, e-mail address and country of your residence. We may send you news and updates in respect of the Services. We may also send you newsletters and promotional communications, you may opt-out of this service, including participation in mailing list, at any time by submitting a request at privacy@com. Please note that even if you opt-out of receiving the foregoing communications, we may still send you a response to any “Contacting Us” request as well as administrative e-mails (e.g. in connection with Cato services) necessary to facilitate your use of the Services. The Enquiry Data may be processed for purpose of responding to your communication, improving our Services and offering any promotional offers with respect of our Services. We have not disclosed your Personal Information for direct marketing purposes to other controllers in the preceding twelve (12) months.
1.4 Orders. We may process information relating to transactions that you enter into with us for the purchasing of Services (“Transaction Data“). The Transaction Data may include your contact details, bank details and the transaction details. The Transaction Data may be processed for supplying the purchased Services, and maintaining proper documentation.
1.5 Recruitment and Pre-Employment. We may process information that you provide to us as part of any HR recruitment process you undergo with Cato. We will collect and use Personal Information to help assess your skills and your suitability to the relevant position. We may also use such data to contact you if we believe any career opportunities with Cato may interest you. Such information may include your name, email address, CV, telephone number, profile photo, references, certifications and qualifications and other relevant information associated with your assessment (“Candidate Data”). Please note that when providing information of third parties, such as references, you are responsible to notify them of this fact and obtain their consent for use of their Personal Information.
1.6 Information Received from Third Parties. We may supplement the information that you provide with information that is received from third parties. If you access the Services through any third party platforms (such as Facebook or Google), or interact with any third party platforms or other social media plug-in in the Service (such as a Facebook “Like” button) we may receive information from your respective social media or third party platforms account, including your account information, email, name, photo and any information defined as public pursuant to the policies of such third party platforms and/your settings in the respective third party platform.
1.7 Aggregate and Analytical Data. In an ongoing effort to better understand and serve the customers of the Services, we often conduct research on its customer demographics, interests and behavior based on the Personal Information and other information provided to us. This research may be compiled and analyzed on an aggregate and deidentified basis, and we may share this aggregate data with our affiliates, agents and business partners. This aggregate information does not identify you personally. We may also disclose aggregated user statistics in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes. We also may use aggregate data for monetization.
Please do not supply any other person’s Personal Information to us without the specific and explicit consent of all parties, including the owner of such Personal Information. The provision of the Personal Information listed above is generally voluntary, but in certain instances, we will not be able to process your request for our Services without the requested Personal Information.
- To identify you when you visit our Website;
- To manage your account;
- To conduct our business, including providing you the Services you requested;
- To send you marketing communications about new or updates to our existing Services;
- To comply with our legal obligations, to establish and exercise our rights, and to defend against a legal claim;
- To maintain and improve our Website and tailor the user experience;
- To respond to your inquiries related to support or other requests;
- To conduct analytics;
- To protect the security of your information and the Website;
- To consider individuals for employment and contractor opportunities and manage onboarding procedures, as well as to administer and improve our recruitment process;
- To evaluate our progress in achieving our diversity hiring goals, to ensure equal opportunity monitoring and reporting, to meet obligations, including providing workforce accommodations and for disability and workplace safety tracking administration.
- To provide and maintain the functionality of our Website, including identifying and repairing errors or problems; and
- To provide customer service and otherwise administer our business relationship with you.
Although the sections above describe our primary purpose in collecting your information, in many situations we have more than one purpose. As a result, our collection and processing of your Personal Information is based in different contexts upon your consent, our need to perform a contract, our obligations under law, and/or our general interest in conducting our business.
2. Sources of Personal Information
We collect your Personal Information in the following ways, pursuant to applicable law:
- Directly From You, when you use our Website or Services, sign-up for an account, contact us, sign up to receive emails, text messages, and/or postal mailings.
- From Our Third‑Party Partners, including from third parties that we have partnered with to provide you the Services that you have requested from us.
- Other Sources, including publicly available sources, as permitted by applicable law.
3. Information Disclosure.
(a) Service Providers: We may disclose your Personal Information with service providers. Among other things service providers may help us to administer and secure our Website, conduct surveys, mail communications, or provide technical support, data center services or legal advice. These service providers may collect, store, analyze, or otherwise process information on our behalf;
(b) Cato Affiliates and Acquisitions: We may disclose your Personal Information with our corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control). If we become involved in a reorganization, merger, consolidation, acquisition, or any form of sale of some or all of our assets, with any type of entity, whether public, private, foreign or local, we may also disclose your Personal Information;
(f) Government agencies, regulators, and professional advisors. Where permitted or required by applicable law, we may disclose Personal Information to government agencies and regulators (e.g., tax authorities, courts, and government authorities) to comply with our legal obligations, and to external professional advisors as necessary to defend our legal interests.
4. Data Security.
We follow generally accepted industry standards to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of Personal Information. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
5. Data Retention.
6. Data Integrity.
7. EEA Users
The following information applies to residents of the EU or the European Economic Area (“EEA”), who use our Services in the EEA.
A “resident” of the EEA is an individual who is physically present in the EEA. This section does not apply to EEA citizens who are resident outside of the EEA (for example, a French citizen who is resident in the United States). The EEA consists of the member states of the European Union, i.e., Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and Iceland, Liechtenstein, and Norway (collectively, “EEA Residents”). This section also applies to residents of Switzerland and United Kingdom as well.
From May 25, 2018, all processing of Personal Information of EEA Residents is subject to the General Data Protection Regulation (2016/679) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of Personal Information and on the free movement of such data (“GDPR”) as well as section 3 of the European Union (Withdrawal) Act 2018 as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (SI 2019/419) (“UK GDPR”).
7.1 International Transfers of Personal Information
7.2 Your Rights
The following is a summary of the rights that you may have under applicable data protection law. These are complex, and not all of the details have been included herein. In light of this, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Your principal rights that may be afforded to you under applicable data protection laws are:
- The Right to Access: You have the right to request access to the Personal Information we hold about you, along with other information such as the purposes of the processing, the recipients or categories of recipients to whom the Personal Information has been or will be disclosed, the sources of the Personal Information, retention, and transfers of Personal Information.
- The Right to Rectification: You have the right to request correction of inaccurate Personal Information we have about you. Depending on the purposes of the processing, you may have the right to have incomplete Personal Information completed, including by means of providing a supplementary statement. As noted above, you may also be able to correct your information in your account or profile.
- The Right to Restrict Processing: You may have the right to restrict processing under certain circumstances.
- The Right to Object to Processing; You may, as permitted by law, request that we stop processing your Personal Information.
- The Right to Data Portability: Under certain circumstances, you have the right to receive the Personal Information about you that you have provided to us, in a structured, commonly used, and machine-readable format.
- The Right to Withdraw Consent: Where we rely on your consent to process your Personal Information, you have the right to withdraw that consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.
- The Right to Erasure: You have the right to request that we delete your Personal Information. If required by law, we will grant your request to delete information. However, when we delete Personal Information it will be removed from our active database, but it may remain in archives where it is not practical or possible to delete it. In addition, we may keep your Personal Information as needed to comply with our legal obligations, resolve disputes, and/or enforce any of our agreements.
7.3 Legal Basis for Processing Your Personal Information
As required by applicable law, we rely on several different legal bases to collect, use, and disclose your Personal Information:
- Necessity to Perform Contract with You – We need to process your Personal Information to provide our Services, ensure Services are working as they should, answer questions and requests from you, manage our business relationship with you, and provide customer support.
- Compliance with Legal Obligations – We need to process your Personal Information to comply with relevant laws, regulatory requirements and to respond to lawful requests, court orders, and legal process.
- Consent – We rely on your consent when you provide us with your consent.
- Based on Legitimate Interests – We process your Personal Information to protect your security and the security of the Website and/or Services; to detect and prevent fraud; to protect and defend the rights or property of others, or our own rights and interests; and to maintain and improve the user experience.
In order to collect the data described herein we may use temporary cookies or web beacons that remain on your browser or device for a limited period of time. We may also use persistent cookies that remain on your browser or device until removed, in order to manage and maintain the Services and record your use of the Services.
9. Third-Party Links
10. Legal Justification and Consent to Processing
11. Children and Minors
Our Website and Services are not intended for persons under the age of 13. By using the Services, you represent that you are at least the age of majority in your state, province or country of residence, or that you are the age of majority in your state, province or country of residence and you have given us your consent to allow any of your minor dependents to use the Services. If we learn that we have collected Personal Information from persons under 13 through our Website or Services, we will take appropriate steps to delete this information. Cato does not knowingly collect or sell Personal Information from children under the age of 13.
12. Governing Law and Jurisdiction
Cato Networks Ltd.
121 Menachem Begin St., Tel Aviv, Israel
If you consider that our processing of your Personal Information infringes upon data protection regulations, you have a legal right to file complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work, or the place of the alleged infringement.
Effective Date. June 5, 2023.
Last Updated Date. June 5, 2023.