Privacy Policy & Cookie Policy
This document explains what personal data we collect on the Shato Tours website and online services, for what purposes we use it, how we store and share it, and how we use cookies and similar technologies. The Policy applies to site visitors and to customers placing orders online, by phone, and/or via messengers.
Shato Tours complies with applicable laws of the State of Israel on privacy protection, including the Protection of Privacy Law, 5741-1981 (as amended, incl. Amendment No. 13 effective 14.08.2025), as well as the Data Security Regulations, 2017. For marketing communications, we comply with the “Spam Law” (Section 30A of the Communications Law). (DLA Piper Data Protection)
1) Who we are and how to contact us
Shato Tours
Address: Yael Rum St. 22/1, Petah-Tikva, Israel
Tel.: +972-52-639-0203, +972-52-886-4940 (Sun–Fri 09:00–17:00)
E-mail: info@shato.tours
2) What data we collect
Identification and contact data: name, phone, e-mail, preferred language of communication.
Booking data: dates, itinerary/service, number of participants, pick-up/drop-off location, preferences.
Payment and billing data: payment method (card details are processed by payment providers).
Communications: support requests, reviews, correspondence.
Technical data: IP address, device/browser identifiers, pages and events on the site, cookies and pixels (see the “Cookie Policy” section).
3) What we use data for (purposes of processing)
Acceptance and processing of orders, communication about the order, provision of services (excursions, transfers).
Improving the website and services (analytics of visits and conversions).
Fraud prevention, ensuring security.
Legal and accounting obligations (acts, invoices, reporting).
Marketing messages (where a lawful basis and/or your consent exists) — news, special offers, reminders. Rules for direct marketing are governed by Israel’s Section 30A and the “direct mailing” provisions of the Protection of Privacy Law (see Section 7).
4) Legal bases (under Israeli law)
We rely on: (a) performance of a contract (order processing); (b) compliance with legal obligations (record-keeping, data security); (c) our legitimate interest (support and improvement of the service, basic analytics, fraud prevention); (d) consent — where required, in particular for marketing communications and/or non-strictly necessary cookies/trackers. This approach aligns with PPA (Israel Privacy Protection Authority) guidance and Amendment No. 13 on transparency and informed consent. (IAPP)
5) Disclosures to third parties and processors
We share data with the minimum necessary recipients:
Payment providers;
IT contractors (hosting, CRM, e-mail and SMS gateways, analytics and anti-fraud);
Partners/subcontractors to perform a specific service (e.g., local carrier/attraction) where needed for the order;
Public authorities, where required by law.
International transfers. If data is transferred outside Israel (e.g., to cloud providers or analytics services located abroad), we follow the Regulations on Transfer of Data to Databases Abroad (2001) — either relying on the recipient’s adequate level of protection, or entering into contractual commitments that ensure a comparable level of protection.
6) Retention periods
We retain data only as long as necessary for the purposes for which it was collected, taking into account statutes of limitation and accounting/tax requirements. When the purpose has been achieved or mandatory periods expire, data is deleted or securely anonymized.
7) Marketing, mailings, and direct mailing
We send promotional messages only with your consent (opt-in), or within exceptions provided by law (e.g., to customers who have already purchased similar services, with a mandatory easy opt-out right). Each message includes an unsubscribe method and sender contact. (ממשלת ישראל)
Regarding direct mailing (individual outreach based on attributes from a database), the Law gives you the right to require deletion of your data from the database used for direct mailing and to prohibit transfers of data to third parties — we must fulfill such a request and confirm it in writing. (ממשלת ישראל)
8) Your rights
Under Israeli law, you have the right to:
Access your data that we process;
Rectify inaccurate/incomplete data;
Require removal from a direct-mailing database and cessation of transfers of data to third parties for such purposes;
File a complaint with the Privacy Protection Authority (PPA).
The legal bases and procedures are set out in the Protection of Privacy Law (incl. §§13–14 and the sub-sections on direct mailing) and clarified by the PPA.
How to submit a request: write to info@shato.tours with the subject “Data Request (PPL)”, include your full name, contact phone number, and a description of the request. We will respond within a reasonable time and as provided by law.
9) Data security
We apply organizational and technical safeguards appropriate to the class and volume of data processed (access management, logging, encryption where necessary, backups, agreements with processors, etc.), and maintain internal procedures in the spirit of the Data Security Regulations, 2017. Despite these measures, no one can guarantee absolute security. (ממשלת ישראל)
10) Children’s privacy
The site is not intended for independent use by persons under 18. If you are a parent/guardian and believe a child has provided us data without your consent, contact us to have it deleted.
11) Cookie Policy (cookies and similar technologies)
11.1 What cookies are and why they are used
Cookies are small text files that the browser stores on your device. They help the site function, remember settings, and measure traffic and advertising effectiveness. Similar technologies: pixels, local storage, SDK identifiers of mobile applications.
11.2 Our cookie categories
Strictly necessary (required for the site/cart/checkout to work).
Functional (remember your settings, interface language).
Analytics and measurement (e.g., Google Analytics) — help understand how the site is used.
Marketing and retargeting (e.g., advertising pixels) — show relevant ads and measure campaigns.
11.3 Legal basis and consent
Israeli law has no separate “cookie law,” but the PPA recommends clear notice, transparency, and obtaining consent for non-strictly necessary cookies/trackers — especially for profiling and marketing. Therefore, we use a cookie settings banner that lets you accept/reject categories other than strictly necessary ones.
If you are in a jurisdiction requiring opt-in (e.g., EEA under ePrivacy/GDPR), the banner will meet those requirements, and non-strictly necessary cookies will be set only after consent.
11.4 Managing cookies
You can: (a) set preferences in the cookie banner; (b) delete/block cookies in your browser settings; (c) use providers’ opt-out links (where we provide them on the settings page). Note: disabling cookies may limit certain site functions.
11.5 Cookie lifetimes
Lifetime depends on type (session/persistent) and provider. Specific lists and lifetimes are specified in our cookie registry (see “Cookie Settings” in the site footer).
12) Cross-border data transfers when using cookies/SDKs
When we connect analytics and advertising networks (e.g., Google, Meta, etc.), data (including IP, cookie/device identifiers, on-site events) may be processed outside Israel. In such cases, we use mechanisms provided by Israeli rules (assessment of the recipient’s protection level and/or contractual commitments with the recipient).
13) Updates to this Policy
We may periodically update this document. The current version is always available on the site with the “Last updated” date. If changes are material, we will provide additional notice (banner/e-mail, etc.).
14) Privacy contacts
For any privacy and cookie matters: info@shato.tours | Yael Rum St. 22/1, Petah-Tikva, Israel.
